On Fri, Dec 19, 2003 at 05:46:11PM +0100, Bill Allombert wrote: > Hello Debian-security list, > > I have experimented with running an anonymous CVS server inside > user-mode-linux. So far this seems to work well and hopefully should > enhance security a bit. The host kernel has the skas patch. > > I use hostfs to mount only the repositories inside the UML. > I have limited the UML memory to 128Mb. > > Performance are quite sufficient for the server usage since load stay close > to 0. > > The only problem is that the server need write access to the repository > in order to create locks (which are directories, IIUC). I have not yet > find a way to only allows the server to create locks, but to change > nothing else.
You can use a separate lock directory by setting LockDir in CVSROOT/config.
