Daniel W. Crompton wrote: > On 3/16/07, Daniel Hokka Zakrisson <[EMAIL PROTECTED]> wrote: >> Daniel W. Crompton wrote: >>> After reading Jean-Marc's answer I thought it could also be the fact >>> that you might just need to create /dev/mem. >> >> You absolutely never ever want to do that, if you care the least about >> the >> guest being secure... /dev/mem would give it complete access to the >> contents of your RAM. > > Seriously if you care about your guest being secure you make sure that > the host doesn't have physical network access. If you want to be able > to run certain programs in a guest you sometimes need rights which are > available to only the host. That's the whole point of caps.
Which should not be taken as lightly as "you just need to create XYZ". It's something that essentially voids the entire virtualization/isolation that Linux-VServer provides... -- Daniel Hokka Zakrisson _______________________________________________ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
