On Feb 03, Bastian Blank <wa...@debian.org> wrote:

> > http://blog.bofh.it/debian/id_413
> This example shows nothing new. If you have CAP_SYS_MOUNT, you can also
> just mount the root filesystem into your own tree.
>
> Linux-VServer does not help against processes with too many
> capabilities, not sure about OpenVZ.

OpenVZ does: /sys is there but you cannot use it to influence the host (because it was designed from the ground up to be secure).

> > > * how to execute a command in a running VM? lxc-execute complains that
> > > the
> > Lack of something like VE_ENTER also makes it unsuitable for me.
> ssh works.

Not for my use case, I wrote a pam_vz module which removes the need to have sshd, ftpd and cron in guests.

-- 
ciao,
Marco