http://linux-vserver.at/api.php?action=feedcontributions&feedformat=atom&user=PeftSoateLinux-VServer - User contributions [en]2026-04-09T20:27:47ZUser contributionsMediaWiki 1.20.2http://linux-vserver.at/Talk:Secure_chroot_BarrierTalk:Secure chroot Barrier2013-06-05T03:05:37Z<p>PeftSoate: /* I like it - replica rolex */ new section</p>
<hr />
<div># setattr --barrier /vservers<br />
# showattr /vservers<br />
*NOTE: when setting xattrs on reiserfs, please not that the filesystem has to be mounted explicitly with 'attrs' option, i.e.: mount /dev/reiserfsdev /vservers -oattrs to get the barrier survive after umount/reboot.<br />
<br />
Seems insufficient. You need to set --barrier for every existing and NEW directory except those below /vservers/. as the suggested command protects only against chdir ..<br />
<br />
Why? The fchdir.<br />
<br />
Am I right?<br />
<br />
once you gain root inside the scure chroot:<br />
<br />
may you gain access to the device node?<br />
<br />
i/o ports not restricted?<br />
<br />
<br />
# Accoring to http://oldwiki.linux-vserver.org/Step-by-Step+Guide+2.6: "On Linux 2.6 this isn't really necessary, since another mechanism is used to lock in the guests anyway" - maybe someone could elaborate on this and put it in the article, please<br />
<br />
== I like it - replica rolex ==<br />
<br />
http://www.4shared.com/office/Vyqcuq2o/rolex_sea_dweller_replica.html<br />
http://www.divshare.com/download/24180036-346<br />
http://en.calameo.com/read/00248389233c3cef73745<br />
http://depositfiles.com/files/hset3pq9e<br />
http://www.authorstream.com/Presentation/barrybhall648-1839710-replica-rolex-cellini/</div>PeftSoate