
CL+CageFS+DA - Weird disk space for user / memory


  • CL+CageFS+DA - Weird disk space for user / memory

    I have a problem (I tried to find similar topics without results).

    My server:
    Disks (soft raid 1) - 3TB
    128G RAM

    1 Problem
    I have a package, for example 10G, in DirectAdmin and I just created a user with it.

    user A - 10G
    ssh access

    When I log into the user account I see:
    [test@h1 ~]$ df -h
    Filesystem  Size  Used  Avail  Use%  Mounted on
    /dev/md1    64G   7.7G  53G    13%   /
    /dev/md3    3T    4.9G  3T     1%    /tmp
    tmpfs       63G   908K  63G    1%    /run/dbus
    tmpfs       63G   0     63G    0%    /dev/shm

    from root: quota -v test
    Disk quotas for user test (uid 1006):
    Filesystem  blocks  quota     limit     grace  files  quota    limit    grace
    /dev/md1    84      0         0                23     0        0
    /dev/md3    148     10485760  11534336         99     1000000  1100000

    Why can the user see the whole disk space? I mean the 3TB of the whole disk, if the user is jailed in CageFS and has the correct quota?

    2 Problem
    The user can see all of the available and used RAM

    [test@h1 ~]$ free -m
           total   used  free    shared  buff/cache  available
    Mem:   128580  1773  118818  8       7987        125579
    Swap:  0       0     0

    Is it possible to hide the total available RAM from the user?

  • #2

    LVE/CageFS is not meant to be a containerization technology, so it works as expected from what I can see. Here's what CageFS restricts:

    - Only safe binaries are available to user
    - User will not see any other users, and would have no way to detect presence of other users & their user names on the server
    - User will not be able to see server configuration files, such as Apache config files.
    - Users will have a limited view of the /proc file system, and will not be able to see other users' processes
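
Added example, not part of the thread: df reports the size of the mounted filesystem, while the per-user limit lives in the quota table, so the figure that actually constrains the user has to be read from `quota -v`. The Python below parses the output quoted in the first post; the over-quota sample and its `*`/grace layout are constructed here and assume the standard Linux quota tool format with local filesystems listed as `/dev/...`.

```python
# Added example: read the enforced per-user limits out of `quota -v` text.
# Block columns are 1 KiB units; a limit of 0 means "no limit".
import re

# Output quoted in the first post of the thread.
QUOTA_FROM_POST = """\
Disk quotas for user test (uid 1006):
Filesystem blocks quota limit grace files quota limit grace
/dev/md1 84 0 0 23 0 0
/dev/md3 148 10485760 11534336 99 1000000 1100000
"""

# Constructed sample (not from the thread): same user over the soft limit.
QUOTA_OVER_SOFT = """\
Disk quotas for user test (uid 1006):
Filesystem blocks quota limit grace files quota limit grace
/dev/md3 10500000* 10485760 11534336 6days 99 1000000 1100000
"""

def _num(tok):
    """Return the integer in a quota column, or None for a grace value."""
    m = re.fullmatch(r"(\d+)\*?", tok)
    return int(m.group(1)) if m else None

def parse_quota(text):
    """Map filesystem -> block usage and limits from `quota -v` text."""
    result = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 7 or not tok[0].startswith("/"):
            continue  # banner and column-header lines
        fs, rest = tok[0], tok[1:]
        used, soft, hard = (_num(t) for t in rest[:3])
        # The grace column is blank unless the soft limit is exceeded.
        grace = None if _num(rest[3]) is not None else rest[3]
        result[fs] = {
            "used_kib": used, "soft_kib": soft, "hard_kib": hard,
            "over_soft": rest[0].endswith("*"), "grace": grace,
        }
    return result

def enforced_gib(entry):
    """Soft and hard block limits in GiB; None where no limit is set."""
    return tuple(v / 1024**2 if v else None
                 for v in (entry["soft_kib"], entry["hard_kib"]))

if __name__ == "__main__":
    for fs, e in parse_quota(QUOTA_FROM_POST).items():
        print(fs, "used KiB:", e["used_kib"], "limits GiB:", enforced_gib(e))
```

For the output in the post this gives a 10 GiB soft and 11 GiB hard limit on /dev/md3 and no limit on /dev/md1, independent of the 3T that df prints for the same device.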


    • #3
      OK, I understand. I was wondering about this because I have a few servers with basic CentOS and Debian with chrooted users and quota also enabled, and the user can only see what they have in quota.

      User A with 10GB sees only 10GB without any other params, so I was wondering why CloudLinux shows all the information.
      Yes, CageFS is the best if we are talking about security after a few tweaks (like symbolic links etc. from your documentation) and all of your advantages.

      I was wondering, just like that.

      Tell me also - your documents are only about CL7, but CL8 was rolled out many months ago. Is CL8 still unstable/testing?

      Even your screens have "testing" info.


      • #4
        Thank you for bringing that to our attention - we will update the images soon.
        Yes, CloudLinux OS 8 is stable and can be used on production systems.