Re: 2001-05-27 patch against 2.4.5

From: Greg KH (gregat_private)
Date: Thu May 31 2001 - 06:23:41 PDT

    On Wed, May 30, 2001 at 02:25:00PM -0700, Crispin Cowan wrote:
    > I'm not sure, which is why I invited comment from the various virtual machine
    > projects.   There are differences:
    >    * VMWare and Plex86 emulate at the hardware level, sharing only the
    >      CPU instruction set with the host, and only a fraction of that (my previous
    >      rant on trapping & emulating privileged instructions).  They do this, in
    >      part, with a kernel module.  I don't know if this kernel module would benefit
    >      from LSM features.
    VMWare, Plex86, Win4Lin and others access below the kernel as you said.
    LSM doesn't make much sense for them, as it lives within the kernel,
    controlling access to specific parts of it.
    >    * User Mode Linux emulates at the OS layer, rather than the hardware layer.  So
    >      it shares a lot more with the host OS, but still needs to intercept system
    >      calls.  I don't know how UML does this, so I don't know if it would benefit
    >      from having some LSM features.
    UML runs as a normal task on top of any given kernel.  The base kernel
    that is running is not modified at all.  The UML kernel looks like a
    separate port of the kernel (a different arch tree) to virtualize
    portions of the kernel itself.  So it lives above LSM in the base kernel
    and can't use it.
    But the hooks for the arch specific portions of the LSM will have to be
    added to the UML code, which should be relatively easy, as it is now part
    of the -ac kernel series.
    greg k-h