On Sat, Oct 11, 2003 at 06:16:05AM +0300, Alex Lyashkov wrote: > On Friday 10 October 2003 20:33, Jacques Gelinas wrote: > > On Thu, 9 Oct 2003 07:04:02 -0500, Alex Lyashkov wrote > > > > > > This is probably a minor problem, but if we want to support vservers > > > > inside vserver we must allow mount ? This is a problem. mount let you > > > > DOS a machine. Further, mount is covered by a very broad capability. > > > > > > > > Am I missing something ? > > > > > > yes. > > > In private namespace created _private_ mounts tree. > > > i see one posible DDoS - you can be use it for kernel exhaust memory when > > > do many many mounts. > > > What DDoS you see ? > > > > Mounting a broken file system can brind the OS down. > for mount broken file system - host administrator need allow to use broken > modules or had broken filesystems on hard disk and add node this device to > vps. it`s right ? > if other - please detail this DDoS for i can test it.
do you allow raw block device access? best, Herbert > -- > With best regards, > Alex > _______________________________________________ > Vserver mailing list > [EMAIL PROTECTED] > http://lists.tuxbox.dk/mailman/listinfo/vserver
