On Sunday 07 December 2003 15:01, Dariush Pietrzak wrote:
> > For the people that forget to remove the dev entries.
>
> That's not really wise, what about that want to use block devices?

They can set CAP_SYS_BLOCK_ACCESS

> > Also, for this option:
> > a bootable vserver cdrom, that starts your regular linux
> > partition inside a vserver.
>
> wouldn't that need access to your block devices?

*sigh* not the vserver. The root server would, and I don't want to restrict that.

The idea is just that the cdrom contains a script that checks the harddisk for partitions, finds the "/", mounts it, checks "/etc" for the hostname and network setup, and then starts a vserver with the previously found "/" as the root of that vserver, and gives it the needed network setup.

For this, the vserver does not need block access, and yet it would have all the /dev entries.

> > >> That's why you could have a CAP_BLOCK_ACCESS
> > >
> > > Hmm, that would actually be nice. Is there already such CAP?
> >
> > I don't know.
>
> If there would be, it would be great - change the default to
> remove such CAP and then you're happy - you can't access your block
> devices by accident, and you're happy - you can start your regular
> linux inside a vserver.

Correct, but I don't think there is such a capability :(

JonB
_______________________________________________
Vserver mailing list
http://list.linux-vserver.org/mailman/listinfo/vserver