vserver 0.28 changes log

vserver 0.28 changes log

previous versions: 0.27
Change log index

Enhancements

/usr/sbin/vserver --verbose

The --verbose option was used so we can learn what vserver is doing when it setups the IP aliases.

New man page vserver.conf.5

This man page describe the format of the configuration file in /etc/vservers.

Running v_xxx service with the loopback

The v_xxx service (v_sshd and friends) are provided to help running service on the root server without interfering with similar services in the virtual servers. The various v_xxx services achieve this by starting the corresponding xxx services using chbind to restrict the IPs they are allowed to bind.

Previously, all those services were bound to eth0 only. Now by default (unless overridden in /etc/vservices/xxx.conf) the services are bound to 127.0.0.1 and eth0.

This solves for one the problem with ssh X11 port forwarding since ssh assumes connections are done on localhost (127.0.0.1) and not eth0.

Bug fixes

chbind: --ip without parameter

chbind was improperly parsing its command line and was crashing if the option --ip was used without value.

Security issue with vserver 0.27

vserver 0.27 on vs-1.1 kernels was not setting the capability ceiling properly, providing vservers with too much power.