Re: integration with LSM ?


From: Chris Wright (chris_at_wirex.com)
Date: Tue Oct 23 2001 - 21:47:51 EDT


* Rik van Riel (riel_at_conectiva.com.br) wrote:
> On Tue, 23 Oct 2001, Jacques Gelinas wrote:
>
> > > i've started looking at making a vserver LSM module. it looks like it
> > > won't be too tough, and i think vserver might get some new protection.
>
> > > are people interested in this?
>
> I'm in. This will make vserver easier to add to the kernel and
> will give us a stable syscall interface...

yes, this alone is nice ;-)
>
> One minor nitpick, 'vserver <foo> build' could use 'mount --bind'
> on the 2.4 kernels; this would save both disk space and memory use,
> and 'mount --bind' also accepts options like read only mounts so
> root inside the vservers cannot mess with the files.

mount --bind does not honor mount flags, must remount to change
flags. also, readonly is per superblock, so you can't have something
that is writable in one mount and readonly in another, fwiw.

-chris
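
Following the point above that a read-only option handed to 'mount --bind' may not take effect, here is an added example (not part of the original message) that checks the mount table instead of trusting the mount command. It assumes a kernel that exposes /proc/self/mountinfo, which the thread does not mention; the sample lines and vserver paths are constructed.

```python
# Added example: report bind mounts under a vserver tree that are still writable.
# SAMPLE is constructed /proc/self/mountinfo text; all paths are hypothetical.

SAMPLE = """\
25 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
40 25 8:1 /vservers/base/usr /vservers/v1/usr rw,relatime - ext4 /dev/sda1 rw
41 25 8:2 /lib /vservers/v1/lib ro,relatime shared:3 - ext4 /dev/sda2 ro
42 25 0:21 / /vservers/v1/proc rw,nosuid - proc proc rw
"""

def parse_mountinfo(text):
    """Yield one dict per mountinfo line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        # Optional fields (e.g. "shared:3") end at a lone "-" separator.
        left, right = line.split(" - ", 1)
        lf, rf = left.split(), right.split()
        yield {
            "dev": lf[2],          # major:minor, identifies the superblock
            "root": lf[3],         # subtree of the filesystem that is mounted
            "mountpoint": lf[4],
            "mount_ro": "ro" in lf[5].split(","),   # per-mount options field
            "super_ro": len(rf) > 2 and "ro" in rf[2].split(","),  # superblock options
        }

def writable_binds(text, prefix):
    """Return (mountpoint, dev, root) for subtree binds under prefix that accept writes.

    A bind of a whole filesystem has root "/" and cannot be told apart from
    an ordinary mount here, so only subtree binds are reported.
    """
    hits = []
    for m in parse_mountinfo(text):
        if not m["mountpoint"].startswith(prefix) or m["root"] == "/":
            continue
        if not (m["mount_ro"] or m["super_ro"]):
            hits.append((m["mountpoint"], m["dev"], m["root"]))
    return sorted(hits)

if __name__ == "__main__":
    for mountpoint, dev, root in writable_binds(SAMPLE, "/vservers/v1/"):
        print(f"WRITABLE bind: {mountpoint} <- {root} on device {dev}")
```

On a live host, pass the contents of /proc/self/mountinfo instead of SAMPLE.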



This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 12:01:00 EDT