Hmmm - does this work with devfs?
> > [Why I'm asking? I'm trying to find ways to take over the machine. Do
> > you want to give me root on your machine stating that I can't
> > interfere?]
>
> Indeed, I could give you a root password on a vserver and you would not be
> able to interfere. Sure enough you would be able to grab resource and slow
> down the machine (and potentially work out a DOS attack). We are working
> on the schedular right now to solve those issues.
Have you looked at the "fairsched" patch for this? It seems to be
unmaintained since 2.4.0-testXX, but look close to your needs...
> But there is no need to open a crackme vserver. Install it on your machine,
> build a vserver.
The question, I think, was would YOU give out root access on vservers on
YOUR box, and be confident people wouldn't be able to escape? :-)
> > You might want to announce this on bugtraq. [And give solar designer
> > root account, he might be more creative ;)].
>
> You don't understand the issue. Anyone can create his own vserver. The
> system call controlling this are very simple. It is not a "try to
> crack my machine" contest. Anyone can create a vserver and test it.
But can you crack your way OUT of the vserver - how confident are you in
the isolation provided?
James.
-- "Our attitude with TCP/IP is, `Hey, we'll do it, but don't make a big system, because we can't fix it if it breaks -- nobody can.'""TCP/IP is OK if you've got a little informal club, and it doesn't make any difference if it takes a while to fix it." -- Ken Olson, in Digital News, 1988
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/