Salve Herbert! Herbert Poetzl schrieb am Donnerstag, den 06. Juli 2006 um 13:10h:
> > but on the next day /usr/sbin/safe_asterisk does > > not found /dev/tty9..... /dev/pts/31 exist only > > for my bash, after exiting this bash, also > > /dev/pts/31 has been gone, and so this "hack" > > does not work... ;( > > precisely, either you _want_ that output to go > somewhere, then you have to 'provide' a real vc > terminal or to make asterisk 'create' it on startup > (by requesting a new one, like e.g. screen does) Exactly. > you could, for example, use screen to provide that > pseudo terminal without modifying asterisk I have to play more with screen/dtach - could screen create performance or other problems? IMHO does screen does much more than to just create a pseudo terminal and to slow asterik significant. > better use /dev/vc/9 (c:4:9 or the udev equiv) but > basically you 'could' create the device for the guest > on the host side, and the guest will be able to use > it, just be careful _what_ you give to your guests :) > > So [EMAIL PROTECTED] can indirectly create dumy devices > > and there is still no tool like mknode for vserver > > - because it is not so neccessary and does not > > have such a high priority - right? > > no, > because it is a big can of worms and a security > issue, just imagine somebody creating a block device > which 'accidentially' is identical to your host's > root partition, and then starts modifying stuff at > a very low level :) You mean [EMAIL PROTECTED] could do things with the power of [EMAIL PROTECTED] I can understand that it is good that [EMAIL PROTECTED] can't dump the RAM, read the bios etc... and everybody who setup his own vserver is happy about a securiy gain - but it is a bit different for people who rent a vserver and are only [EMAIL PROTECTED] BTW I'm in favor that by default every vserver installation creates a Vserver-README inside the root directory for every guest instance and a [EMAIL PROTECTED] ISP are promoting vserver with "full root access" As far as I know yet root-guest can't use: iptables, ping, tracerout, ntp, mknod so some misunderstandings or noise on mailinglist will come automaticaly. When I know more about vservers, I will try to contribute in that way... But back to the topic "could [EMAIL PROTECTED] use mknod". Theoreticaly would it possible to add this feature with a vmknode and a tool for [EMAIL PROTECTED] that guest could create a block devices of their own without harming other guests or the host itself but it seems not to be a planed feature for vserver. It's unthankful that people asking everytime about errors or thinks that are not supported But I'm thankful about the vserver project and that you have the focus on security Greetings, rob _______________________________________________ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver