On Sunday 07 December 2003 15:26, Dariush Pietrzak wrote: > > > That's not really wise, what about that want to use block > > > devices? > > > > They can set CAP_SYS_BLOCK_ACCESS > > So there IS such CAP? As I already said - that would be great, and > that would be correct place to put that.
no, but i would like one. > > > wouldn't that need access to your block devices? > > > > *sigh* not the vserver. The root server would, and i dont want to > > restrict that. The idea is just that the cdrom contains a script > > that checks the harddisk for partitions, finds the "/" mounts it, > > checks > > Well.. locates all raid-disks, then all lvm partitions etc etc..., > then mounts all those correctly, THEN it replaces all daemons that > use block devices with it's own... ? Or am I missing something? And > after you're done with all that, you need to replace all hotplug > modules with your own, so that if you attach your > cellphone/camera/usb-firewire harddisk it appears inside the > vserver? software raid and LVM are autodetected anyway. name me a daemon that uses direct blockdevice acess Modules might be a problem, but this was intented for servers, not desktops. > BTW, do you have such CD ready? I'm in a process of modyfing > knoppix for similiar purposes, maybe I could just use your work? no, i dont have such a CD, it is just a vision. > > block access, and yet it would have all the /dev entries. > > isn't it easier to > mount -o bind /vservers/generic/dev /vservers/desktop/dev ? good idea. > This way you've got all the power to restrict your desktop, AND > you're killing few more birds with this stone ( when you're > preparing /dev for your vservers not only about block-devices you > need to worry about, /dev/mem for example is a character device. ). the blockdevice was just an example because of the fdisk part. And no, i had no intention of doing this for desktops. JonB _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver