Greg KH wrote:

> On Wed, May 30, 2001 at 01:46:21PM -0700, Crispin Cowan wrote:
> >
> > In LSM land: I can imagine someone wanting to make a LSM module that does
> > essentially what VMWare does. Anyone from VMWare, Plex86, or User Mode Linux
> > on this list care to comment?
>
> Why would you have to make a LSM module to do this? UML (User Mode
> Linux) works just fine today without having to do all of the hooks that
> LSM requires. It "just" runs as a user task like VMWare does.

I'm not sure, which is why I invited comment from the various virtual machine projects. There are differences:

* VMWare and Plex86 emulate at the hardware level, sharing only the CPU instruction set with the host, and only a fraction of that (my previous rant on trapping & emulating privileged instructions). They do this, in part, with a kernel module. I don't know if this kernel module would benefit from LSM features.
* User Mode Linux emulates at the OS layer, rather than the hardware layer. So it shares a lot more with the host OS, but still needs to intercept system calls. I don't know how UML does this, so I don't know if it would benefit from having some LSM features.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com//Products/Immunix/purchase.html

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed May 30 2001 - 14:26:37 PDT