[luau] INFO: Heavy duty storage needs
MonMotha
monmotha at indy.rr.com
Fri May 3 18:49:46 PDT 2002
Never used vserver, but no, you can't do that with UML. I usually just
reboot the UML when I make a config change if it's not a "mission
critical" service as that only takes a few seconds since the bootup
procedure is pretty simple (basically just start the daemon in
question). For systems that require hot config tuning without a full
virtual server restart, I would probably make a bare minimum little
daemon that just sends the restart command (often just a SIGHUP) to the
daemon whenever you connect to it, then protect this daemon with ingress
filtering (iptables) on the host system. Ugly, and there is a potential
for DoS attacks if the ingress filter is compromised, but it would work.
I'm not sure, but the UML console might also allow the sending of
signals to arbitrary processes. If it doesn't, well you have the source :)
I haven't set up very many of these UML jails (only 1 really, it was for
an Apache server), so I can't really say much.
--MonMotha
Warren Togami wrote:
> ----- Original Message -----
> From: "MonMotha" <monmotha at indy.rr.com>
> To: <luau at videl.ics.hawaii.edu>
> Sent: Friday, May 03, 2002 11:15 AM
> Subject: Re: [luau] INFO: Heavy duty storage needs
>
>
>
>>I've used UML before to isolate services. Ever tried breaking out of a
>>chroot jail? This is even better. Ever tried breaking a system where
>>the only thing available is a readonly root filesystem with a single
>>daemon and a few required utils? Gotta love UML :)
>>
>>--MonMotha
>>
>
> Yeah, vserver is very similar, except with lower overhead. Can you enter
> individual UML security contexts with a bash shell in order to restart a
> service after a config file change?
>