On Sun, Dec 07, 2003 at 01:03:29PM +0100, Jon Bendtsen wrote: > On Saturday 06 December 2003 16:25, Herbert Poetzl wrote: > > On Sat, Dec 06, 2003 at 01:27:15PM +0100, Jon Bendtsen wrote: > > > On Saturday 06 December 2003 13:08, Dariush Pietrzak wrote: > > [cut] > > > > No i dont, i want all vservers by default to be disallowed access > > > to block devices, EVEN IF THERE IS A DEV ENTRY. > > > > hmm, guess that isn't that easy to accomplish, > > but I can have a look at the code, and think > > about the possibilities ... maybe disallowing > > an open for block devices could be sufficient > > Thanks. You know blockdevices might not be the only devices we need to > limit access to. > > > [cut] > > > > > I don't really get where the problem is - you wan't all your > > > > vservers permanently banned from accessing block devices? Even > > > > if you create those devices yourself especially for your > > > > vserver to access them? Or what? > > > > > > Thats why you could have a CAP_BLOCK_ACCESS > > > > maybe as per vserver capability, once we have > > that system up and running, but the CAP_* > > resources are scarce ... (30/32) > > That would be nice, but why are they only using 5 bit for the > capabilities? i would think that regular 8 bit would be smarter.
hmm, I don't know how you deduce that ... maybe you can explain ... TIA, Herbert > JonB > > _______________________________________________ > Vserver mailing list > [EMAIL PROTECTED] > http://list.linux-vserver.org/mailman/listinfo/vserver _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver