also sprach Marcel Hicking <email@example.com> [2002.01.09.1428 +0100]:
> I'd go for real partitions. No worries with quotas, and
> faster than NFS anyway.

i guess, but then it couldn't use accounting on the IP level for that
traffic. UML *does* support hostfs, which is wicked cool! so i'll use
that for all partitions that i mount into the VM that aren't to be
accounted. /usr for instance, and /usr/local. and /home.

> Guess you could also use a hidden primary configuration.
> Your publicly announced NS is actually configured as
> slave getting updates from the virtual binds. You might
> even be able to run the official master bind on a
> different machine for additional security. In case someone
> manages to break out of the virtual machine jail, he
> won't be able to mess with your dns too much.
> I run this sort of config here and there where somewhat
> trusted customers want to have control over their zones.

sure, but then their DNS traffic wouldn't be accounted. that's why
their servers should actually answer. but in the end, DNS isn't a lot
of traffic (if you're not a root server or otherwise big, and if you
didn't screw up your SOA, so whatever... i might just ignore that.)

> Basically this sounds fine to me. Not sure about the ssh
> business, either. Not a nice and clean solution yet.

yes. that and HTTPS. oh well...

> I'd be really interested in how the project goes.
> Keep us up to date!

will do.

> > this all has to be implemented remotely ;)
>
> Apart from setting up a base system, i've never done
> anything _not_ remotely ;-)

me neither. word up! all it requires as root is a kernel install and
a couple of configs like NFS (or coda). the rest is user-mode. i
thought that the host kernel has to be majorly enabled, which would
have been dangerous. but all i need is the TUN/TAP module support...

-- 
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck

kermit: why are there so many songs about rainbows?
fuzzy: that's part of what rainbows do.