Quoting James Morris (jmorris@private): > On Wed, 29 Jun 2005, Stephen Smalley wrote: > > > > The attached task-lookup patches? > > > > Not sure it provides much value. > > If yoy need this, why not look at proper isolation via Xen? Xen may be overkill for some cases, as you need (almost) a whole OS for each jail. Zones and bsd jails (I believe) should easily be able to run hundreds of jails - provided of course they don't all peak at once. Don't get me wrong, I'm a big fan of virtualization, and while I don't get to right now, IBM is putting a lot of effort into Xen. > LSM is about access control, not virtualization. And jails require some amount of access control. I don't want to introduce a new LSM for this, but just put together the various existing (and not-yet-existing) pieces into an easy to use package. thanks, -serge
This archive was generated by hypermail 2.1.3 : Wed Jun 29 2005 - 11:37:01 PDT