vserver LSM progress


From: Chris Wright (chris_at_wirex.com)
Date: Wed Oct 24 2001 - 12:42:39 EDT


I started making a vserver module...so far so good ;-)

So far I have compute_creds, fork, ptrace and signal delivery ported
fairly cleanly. The vserver syscalls are stubbed out (and a cut 'n
paste away from implementation ;-)

Trouble spots:

* as Jacques mentioned, /proc won't go clean. my thought here was adding
  a /proc/vserver entry for the modified proc output, and using filesystem
  operations to protect the various vserver contexts from each other.
  thoughts?

* the scheduler changes won't fit into LSM as they are. this will
  likely remain a patch, unless we can do something sneaky ;-)

* the vserver adds four new fields to the task_struct: s_context,
  cap_bset, ipv4root and s_info. these need to be collapsed into one
  struct for LSM. is it necessary to maintain s_context and
  s_info->s_context, which appear to be the same?

thanks,
-chris



This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 12:01:00 EDT