Message-ID: <20120812183359.GA3000@albatros>
Date: Sun, 12 Aug 2012 22:33:59 +0400
From: Vasily Kulikov <segoon@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: segoon's report #16

Solar,

On Sun, Aug 12, 2012 at 22:22 +0400, Solar Designer wrote:
> Where's the updated patch?  Can you post it in here for now?

Sorry, haven't posted a link.  The yet-at-testing-stage patch:

ftp://ftp.ru.openwall.com/pvt/segoon/pub/kernel-2.6.32-owl.patch

> > TODO
> > - set sysfs umask/gid for container by vzctl.
> 
> Is this needed, and why?

As I've written in one of my previous mails, the problem is that the choice of
restricting sysfs must be made exactly at CT creation time as many kobjects
are created when CT is initialized.  So, the vzctl must pass this info to the
kernel.

> Do we have similar functionality for procfs or whatever?

No, procfs only needs CT's mount option setting.  For sysv init it's
sufficient to change options in /etc/fstab, but modern inits mount /proc
before they parse /etc/fstab and simply ignore procfs mount options.  Either
they should be patched (the best way in the long term) or procfs should be
remounted somewhere in init scripts.

Thanks,

-- 
Vasily
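The last paragraph says procfs can be restricted by mount options alone, but that modern inits mount /proc before reading /etc/fstab and ignore those options, so /proc has to be remounted from an init script. The helper below is an added example (not from the thread, not Owl or vzctl code): run inside the CT after the early /proc mount, it compares the live /proc options against the fstab entry and remounts only when something is missing. The option names in the comments and test (hidepid=2, gid=101) are assumptions, not options the message names.

```shell
# Added example for an init script inside a CT; not code from the thread.
# Print the options field of the proc mount at $2 from a /proc/mounts-style file $1.
mount_opts() {
    awk -v mp="$2" '$2 == mp && $3 == "proc" { print $4; exit }' "$1"
}

# Print the options field for mount point $2 from an fstab-style file $1,
# skipping comment lines.
fstab_opts() {
    awk -v mp="$2" '$1 !~ /^#/ && $2 == mp && $3 == "proc" { print $4; exit }' "$1"
}

# Return 0 if every option in the comma list $2 is present in the comma list $1.
# "defaults" carries no restriction of its own, so it is ignored.
opts_satisfied() {
    have=",$1,"
    oldifs=$IFS; IFS=','; set -- $2; IFS=$oldifs
    for want; do
        [ "$want" = defaults ] && continue
        case "$have" in *",$want,"*) ;; *) return 1 ;; esac
    done
    return 0
}

# Return 0 when /proc is mounted without some option requested in fstab
# (a remount is needed), 1 when the fstab options are already live.
# $1 (mounts file) and $2 (fstab file) are parameters only so the check can
# be exercised against constructed input; they default to the real files.
proc_needs_remount() {
    want=$(fstab_opts "${2:-/etc/fstab}" /proc)
    [ -n "$want" ] || return 1
    opts_satisfied "$(mount_opts "${1:-/proc/mounts}" /proc)" "$want" && return 1
    return 0
}

# The call an init script would make once the early /proc mount has happened
# (fstab line assumed, e.g. "proc /proc proc defaults,hidepid=2,gid=101 0 0").
ensure_proc_opts() {
    if proc_needs_remount; then
        want=$(fstab_opts /etc/fstab /proc)
        echo "remounting /proc with fstab options: $want"
        mount -o "remount,$want" /proc
    fi
}
```

Because the check is idempotent, the script can run from any init stage and is a no-op once the options are in effect.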
