What with all of OVZ's semi-recent changes (vzctl 4.9) along with the last two kernels allowing containers' access to /proc/cgroups (and other areas of the HWN) I decided to fart around in QA. I set LOCAL_UID and LOCAL_GID values in my vz.conf and enabled the sysctl/postcreate scripts, spooled up two CTs with 12.04 and 14.04, installed MATE and Kubuntu, and look, Chromium!
Back when I last read about this, if you could get it to start from a container, outside of sandbox mode (or at all, really), it was essentially because of a security flaw/some sort of arbitrary access to the HWN...hence the adjacent homework in the other tabs.
Is this common knowledge now and I'm just way behind on this one?
Do you think it's trustworthy (as it relates to the VPS itself)?
Anyone else wanna try it out on their own? 042stab106.x - 107.x with vzctl 4.9.
Have fun,
-Edel