[EMAIL PROTECTED] (Stephen Harris) writes: >> /usr/sbin/vserver prometheus exec /bin/rm -f >> /var/spool/qmailscan/quarantine/new/* > ... > However, why not just use the host to remove the files?
Because of symlinks like | /vservers/prometheus/var/spool/qmailscan/quarantine/new -> /etc or an other filesystem layout because of different namespaces. The security relevant part of the first issue can be workarounded by tools like 'chroot-sh' and the second issue by 'vnamespace -e'. But 'vserver ... exec' is more cleaner and solves the functionality relevant part of the first issue also. > /bin/rm -f /vservers/prometheus/var/spool/qmailscan/quarantine/new/* Enrico
pgpAiBXOlYLkc.pgp
Description: PGP signature
_______________________________________________ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver