Marc, in a nutshell, the RBCE is a list of rules that are evaluated on classification invocation.
Rules consist of a set of rule terms and a target class. A rule term specifies one particular kernel object attribute, a comparison operator (=,<,>,!) and a value expression. To speed up the classification process we maintain state with tasks about which rules and rule terms have been examined for a particular task and only reexamine those terms that are indicated by the event.
RBCE provides rules based on task parameters (pid, gid, uid, executable) and socket information (IP info). The rules in conjunction with the defined classes constitute a site policy for workload management and is dynamically changeable (see user interface section) into the RBCE. Hence, this approach ensures the separation of policy and enforcement.
Assuming that the vserver context ID is accessible from the task struct, what you need to do is define a new RULE_TERM_OPERATOR and add a new case statement under evaluate_rule. One also needs to deal with the rbce bitvector optimization, requiring a few more case statements (if at all). This is pretty straightforward. If you give me the field I can see whether I can help you out with this.
Hope this helps..
-- Hubertus
Marc E. Fiuczynski wrote:
Could someone give me an overview of how the rbce works? Specifically, I am interested in modifying the rbce kernel support to be "vserver context ID" aware. The main problem that I need to solve is that uid/gid's are not unique across vserver contexts. E.g., UID 501 in context 2 and UID 501 in context 3 are not the same thing, while rbce/ckrm would treat them as the same.
My thought is to enhance rbce/ckrm such that for a non-vserver enhanced kernel, it always assumes that context=0. While for a vserver enhanced kernel it will distinguish UID/GIDs by their context IDs.
Cheers, Marc
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
ckrm-tech mailing list
https://lists.sourceforge.net/lists/listinfo/ckrm-tech
_______________________________________________
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver
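
The rule/term model and the context-ID term discussed in this thread, as an added userspace example that is not part of the original e-mails or the CKRM/RBCE source. All type and function names are hypothetical; that a rule matches only when every term matches and that the first matching rule wins are assumptions.

```c
/* Userspace model only: every name here is hypothetical, not CKRM/RBCE source. */
#include <stddef.h>
#include <stdio.h>
enum attr { ATTR_UID, ATTR_GID, ATTR_XID };  /* ATTR_XID: assumed context-ID term */
enum op   { OP_EQ, OP_LT, OP_GT, OP_NE };    /* the =, <, >, ! operators */
enum cls  { CLS_DEFAULT, CLS_UID501, CLS_CTX2, CLS_CTX3 };
struct task { unsigned uid, gid, xid; };     /* xid is 0 without vserver support */
struct term { enum attr attr; enum op op; unsigned value; };
struct rule { const struct term *terms; size_t nterms; enum cls target; };

static int term_matches(const struct term *tm, const struct task *t)
{
    unsigned v = tm->attr == ATTR_UID ? t->uid
               : tm->attr == ATTR_GID ? t->gid : t->xid;
    switch (tm->op) {
    case OP_EQ: return v == tm->value;
    case OP_LT: return v <  tm->value;
    case OP_GT: return v >  tm->value;
    case OP_NE: return v != tm->value;
    }
    return 0;
}

/* Assumption: a rule matches when all its terms match; first match wins. */
enum cls classify(const struct rule *rules, size_t n, const struct task *t)
{
    for (size_t i = 0; i < n; i++) {
        size_t j = 0;
        while (j < rules[i].nterms && term_matches(&rules[i].terms[j], t))
            j++;
        if (j == rules[i].nterms)
            return rules[i].target;
    }
    return CLS_DEFAULT;
}

/* Constructed policies: uid-only (context-blind) vs. uid plus context ID. */
static const struct term uid501[] = { { ATTR_UID, OP_EQ, 501 } };
static const struct term ctx2[] = { { ATTR_UID, OP_EQ, 501 }, { ATTR_XID, OP_EQ, 2 } };
static const struct term ctx3[] = { { ATTR_UID, OP_EQ, 501 }, { ATTR_XID, OP_EQ, 3 } };
const struct rule blind[] = { { uid501, 1, CLS_UID501 } };
const struct rule aware[] = { { ctx2, 2, CLS_CTX2 }, { ctx3, 2, CLS_CTX3 } };
int main(void)
{
    struct task a = { 501, 100, 2 }, b = { 501, 100, 3 };
    printf("blind: %d %d\n", classify(blind, 1, &a), classify(blind, 1, &b));
    printf("aware: %d %d\n", classify(aware, 2, &a), classify(aware, 2, &b));
    return 0;
}
```

With the uid-only policy both tasks land in the same class even though they belong to different contexts; adding the context-ID term separates them, and a task with context 0 falls through to the default class.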
