On Wed, May 30, 2001 at 02:25:00PM -0700, Crispin Cowan wrote:
>
> I'm not sure, which is why I invited comment from the various virtual machine
> projects. There are differences:
>
> * VMWare and Plex86 emulate at the hardware level, sharing only the
> CPU instruction set with the host, and only a fraction of that (my previous
> rant on trapping & emulating privileged instructions). They do this, in
> part, with a kernel module. I don't know if this kernel module would benefit
> from LSM features.

VMWare, Plex86, Win4Lin and others access below the kernel as you said.
LSM doesn't make much sense for them, as it lives within the kernel,
controlling access to specific parts of it.

> * User Mode Linux emulates at the OS layer, rather than the hardware layer. So
> it shares a lot more with the host OS, but still needs to intercept system
> calls. I don't know how UML does this, so I don't know if it would benefit
> from having some LSM features.

UML runs as a normal task on top of any given kernel. The base kernel
that is running is not modified at all. The UML kernel looks like a
separate port of the kernel (a different arch tree) to virtualize
portions of the kernel itself. So it lives above LSM in the base kernel
and can't use it. But the hooks for the arch specific portions of the
LSM will have to be added to the UML code, which should be relatively
easy, as it is now part of the -ac kernel series.

greg k-h