On Wed, 5 Dec 2001 16:58:16 -0500, Chris Wright wrote
> a couple things i don't like:
> - i personally don't like the reliance on chroot(), as it wastes disk space
> -- and no i don't like the vunify solution either. (also, make note...if
> your vserver has CAP_SYS_CHROOT, the root user in the vserver can break
> out).

No. This has been tested. Since 2.4.10, all tests we did failed.

> - i don't like that it touches ext2 and ext3 directly. this makes it
> brittle w.r.t. filesystems (something we specifically don't do in LSM).

No way out if we want to have a workable unification with hard links.

---------------------------------------------------------
Jacques Gelinas <jackat_private>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Dec 07 2001 - 16:19:33 PST