chroot semantic, network devices


From: Jacques Gelinas (
Date: Thu Jan 24 2002 - 13:03:55 EST

From the various posts on the vserver mailing list this morning and the post
on the Linux mailing list, I came to this conclusion.

-Fixing chroot is doable, but may break stuff. The best solution would
 be to close handles to directories in the chroot syscall to prevent the
 fchdir() thing.

-Many people don't see a need for chroot in chroot. But for vserver
 it is mandatory. I mean, a vserver may want to run an anonymous
 ftp service which uses chroot.

-My current fix (one line at the top of namei.c:vfs_permission()) is simple
 and works whatever happens to chroot.

-I will change vserver so it complains about the permission of /vservers/xx/..
 It won't change it.

-/vservers will be created with permission 000 when missing.

---- network devices

I have fixed the network devices visibility issue. 2 lines in 2 places. Rather easy
and simple. There is still the /proc/net/dev issue, but this is not that much of an
issue since the new vproc (still to be done, any takers?) will take care of
/proc/net visibility.

This makes vservers a little cleaner. I like to see only my stuff in vservers. When
I do


I only see the relevant processes, just my stuff, not the special kernel threads. It's
clean and you really see what is going on. So now, doing


you see your stuff instead of a hundred IP aliases...

I will publish a new version tomorrow. I have to review many patches
which were submitted. Sorry for the delay.

Jacques Gelinas <>
vserver: run general purpose virtual servers on one box, full speed!
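
The first point in the message proposes closing directory handles at chroot time so that fchdir() has no handle outside the new root to use. A user-space sketch of that idea follows, as an added example that is not part of the original message or the vserver code; `close_dir_fds`, `enter_jail` and the `fd_limit` parameter are hypothetical names, and the caller is assumed to know an upper bound on its own descriptor numbers.

```c
#define _DEFAULT_SOURCE            /* for chroot() on glibc */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Close every open descriptor in [first, limit) that refers to a directory.
 * Regular files, sockets and pipes are left open.
 * Returns the number of descriptors closed, or -1 if a close() failed. */
int close_dir_fds(int first, int limit)
{
    int closed = 0;
    for (int fd = first; fd < limit; fd++) {
        struct stat st;
        if (fstat(fd, &st) != 0)
            continue;                  /* EBADF: slot not in use */
        if (!S_ISDIR(st.st_mode))
            continue;                  /* not a directory handle */
        if (close(fd) != 0)
            return -1;
        closed++;
    }
    return closed;
}

/* Drop directory handles first, then chroot, then move the working
 * directory inside the new root (the cwd is a directory reference too).
 * fd_limit is an assumption: it must exceed the highest descriptor held. */
int enter_jail(const char *newroot, int fd_limit)
{
    if (close_dir_fds(0, fd_limit) < 0)
        return -1;
    if (chroot(newroot) != 0)
        return -1;
    return chdir("/");
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s NEWROOT\n", argv[0]);
        return 2;
    }
    if (enter_jail(argv[1], 1024) != 0) {   /* needs CAP_SYS_CHROOT */
        perror("enter_jail");
        return 1;
    }
    puts("inside new root, no directory handles held");
    return 0;
}
```

This covers only the descriptors the calling process holds below `fd_limit`; handles received later over a socket are outside its reach, which is why the message prefers a kernel-side fix.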


This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 12:01:00 EDT