
Re: net-tools future



Marco d'Itri said [Fri, Mar 20, 2009 at 12:14:53PM +0100]:
> > trouble for embedded or limited ones.  I don't do embedded personally so I
> > have no idea how udev fares there, but I can tell you that vservers and udev
> > don't go well together.  Udev expects a real system where there's none and
> > then gets confused -- vserver is hardly more than a glorified chroot, nearly
> > identical to BSD jails.  You want every container to be small and simple.
> This is why you install udev in the host system and bind-mount its /dev
> to the /dev of each context.
> vserver and openvz are not relevant for the purpose of this discussion.

!?!

$ sudo vserver backups enter 
# ls /dev/
core  full     log   ptmx  ram     shm     stdin   tty      xconsole
fd    initctl  null  pts   random  stderr  stdout  urandom  zero
# mount
/dev/hdv1 on / type ufs (defaults)
none on /proc type proc (defaults)
none on /tmp type tmpfs (size=16m,mode=1777)
none on /dev/pts type devpts (gid=5,mode=620)
# mknod /dev/sda b 8 0
mknod: `/dev/sda': Operation not permitted

Yes, there is a small perception bug here (i.e. there is no
/dev/hdv1), but still - I don't want a vserver to be able to mess with
any of my physical devices!

-- 
Gunnar Wolf - gwolf@gwolf.org - (+52-55)5623-0154 / 1451-2244
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973  F800 D80E F35A 8BB5 27AF

