Re: [vserver] many services - 1 IP.


From: Vlad (
Date: Thu Feb 14 2002 - 10:06:54 EST

I think that's the basis for chroot - it binds the new context to an IP
address... otherwise you might as well just set up a generic chroot for
each service..

What you can try and do is create your vservers in private address space
(192.168, 10.0.) and then do port forwards from the 1 real IP address..


On 14 Feb 2002, klavs klavsen wrote:

> Hi guys,
> I need to install and maintain 6 kinds of servers.
> 1 with Samba and OpenLDAP, 1 with Postfix, courier-imap, OpenLDAP and
> Apache and so forth.
> What I wanted to do is to have them all installed on 1 physical
> machine, under each vserver.
> I was thinking, that it would be a good idea to chroot each service on
> each server, so that a vulnerability in one, doesn't put the other
> services on that machine in danger. Unfortunately chroot is not safe
> (see earlier mail on this list).
> I've read the docs on the site, but it's not really clear to me if I can
> do this, and how this compares to doing the same with chroot (except for
> the fact that chroot is not safe and vserver is :-)
> My questions therefore are these:
> Can I "chroot" each service on each vserver - without having to create a
> new vserver (with a new IP) for each service?
> In the case of postfix and courier-imap can two "chroot" jails share the
> same files (the maildir)?
> A final question, if I install ssh on each vserver - and the services
> are chrooted - will the ssh-users still be able to configure them? -
> they would with a normal chroot, so that shouldn't be a problem?
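
The port-forward layout suggested in the reply above, as an added example that is not part of the original thread: a small script that prints iptables DNAT rules mapping ports on the single public address to vservers on private addresses. The public address, the private addresses, the port list and the function names are all constructed for illustration.

```shell
#!/bin/sh
# Added example: print iptables DNAT rules that forward ports on one public
# IP to vservers on private addresses. Nothing is applied, rules are only printed.

PUBLIC_IP="192.0.2.10"   # assumed public address (documentation range)

# Constructed mapping: public TCP port, private vserver address, label.
# One TCP port per service for brevity; not a complete port list.
MAPPING='25 192.168.1.2 postfix
143 192.168.1.2 courier-imap
80 192.168.1.2 apache
389 192.168.1.3 openldap
139 192.168.1.3 samba'

# Succeeds only for RFC 1918 private addresses.
is_private() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one DNAT rule per mapping line. Fails on a duplicate public port
# (with one IP, each port can reach only one vserver) or a non-private target.
gen_dnat_rules() {
    seen=" "
    while read -r port target label; do
        [ -n "$port" ] || continue
        case "$seen" in
            *" $port "*) echo "duplicate port $port ($label)" >&2; return 1 ;;
        esac
        is_private "$target" || { echo "$target is not private" >&2; return 1; }
        seen="$seen$port "
        echo "iptables -t nat -A PREROUTING -d $PUBLIC_IP -p tcp --dport $port -j DNAT --to-destination $target:$port"
    done <<EOF
$1
EOF
}

gen_dnat_rules "$MAPPING"
```

The duplicate-port check reflects the limit of this layout: two vservers that both need the same public port (for example two web servers on port 80) cannot share the one address this way.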


This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 12:01:01 EDT