AW: [Users] VPS capabilities
Kirill Korotaev
dev at sw.ru
Wed Oct 10 06:04:20 EDT 2007
Most likely there answer is - possible, but not easily.
vzctl requires access to some of vps files, global
configs, ve configs etc. Theoretically it can be fixed
and adopted (e.g. to have 2 global configs: one in VE0 for
admin VPS start and one in admin VPS; files from all VEs
can also be accessiable via bind mount to admin VE),
but on practice no one tried it.
Thanks,
Kirill
Dietmar Maurer wrote:
> Ah -i see. So it is possible to run vzctl inside a vps and do most vps
> admin tasks there?
>
> - Dietmar
>
>
>>>VE_ADMIN
>>
>>it is a restricted subset of CAP_SYS_ADMIN+CAP_NET_ADMIN capability for
>
> VE root.
>
>>it allows to do a lot of thing allowed for std root, like configuring
>
> firewalls,
>
>>network devices, etc. but not everything, e.g. VE root can't change
>
> mtrr
>
>>registers, can't issue raw SCSI commands, etc.
>
>
>
> _______________________________________________
> Users mailing list
> Users at openvz.org
> https://openvz.org/mailman/listinfo/users
>
More information about the Users
mailing list