Re: Automated package testing (Re: Is Sid for broken stuff? Is it too much to ask for testing the packages?)

On Fri, Dec 13, 2002 at 01:17:34PM -0500, Matt Zimmerman wrote:
> > vserver provides this as well, with the exception that it does not provide
> > virtual consoles for init.
> My interpretation of the documentation was that it simply did not allow
> processes in different contexts to see each other, but they shared a PID
> space.  Is this incorrect?  (i.e., could there be two processes with PID 1?)

That is correct, but there is a special provision to allow init to be PID 1
in every context.

It is not possible, in any case, to send signals to/use IPC with/etc. processes
in a different context.

> seems to only address two common methods; I do not know that anyone has even
> investigated whether further escapes from vserver are possible.

What are the other methods you're thinking of?

> Security concerns aside, I'd like to see someone implement similar ideas in
> vserver alongside what I want to do with UML, to see how they compare in
> practice.


One problem we have right now is that "vserver enter" doesn't work when the
vserver is running a different libc than the host.  I haven't quite been
able to wrap my head around why that is the case yet!

In most cases, that doesn't matter; I just ssh into my vservers anyway.  But
in this particular application, it may make things a little more difficult.

-- John