CVS server in a user-mode-linux
Hello Debian-security list,
I have experimented with running an anonymous CVS server inside
user-mode-linux. So far this seems to work well and hopefully should
enhance security a bit. The host kernel has the skas patch.
I use hostfs to mount only the repositories inside the UML.
I have limited the UML memory to 128Mb.
Performance are quite sufficient for the server usage since load stay close
The only problem is that the server need write access to the repository
in order to create locks (which are directories, IIUC). I have not yet
find a way to only allows the server to create locks, but to change
Do you have any ideas to improve the security ?
Cheers, [Please CC me]
Imagine a large red swirl here.