Re: 2001-05-27 patch against 2.4.5

From: Crispin Cowan (crispinat_private)
Date: Wed May 30 2001 - 14:25:00 PDT

  • Next message: Chris Wright: "Re: sys_setpriority error"

    Greg KH wrote:
    > On Wed, May 30, 2001 at 01:46:21PM -0700, Crispin Cowan wrote:
    > >
    > > In LSM land: I can imagine someone wanting to make a LSM module that does
    > > essentially what VMWare does.  Anyone from VMWare, Plex86, or User Mode Linux
    > > on this list care to comment?
    > Why would you have to make a LSM module to do this?  UML (User Mode
    > Linux) works just fine today without having to do all of the hooks that
    > LSM requires.  It "just" runs as a user task like VMWare does.
    I'm not sure, which is why I invited comment from the various virtual machine
    projects.   There are differences:
       * VMWare and Plex86 emulate at the hardware level, sharing only the
         CPU instruction set with the host, and only a fraction of that (my previous
         rant on trapping & emulating privileged instructions).  They do this, in
         part, with a kernel module.  I don't know if this kernel module would benefit
         from LSM features.
       * User Mode Linux emulates at the OS layer, rather than the hardware layer.  So
         it shares a lot more with the host OS, but still needs to intercept system
         calls.  I don't know how UML does ths, so I don't know if it would benefit
         from having some LSM features.
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc.
    Security Hardened Linux Distribution:
    Available for purchase:
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Wed May 30 2001 - 14:26:37 PDT