Hubertus,

The vserver context id (called xid) is part of the task_struct. The mod to rbce sounds pretty straightforward, but I will take you up on your offer to help.

Marc

-----Original Message-----
From: Hubertus Franke [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 07, 2004 5:25 PM
To: [EMAIL PROTECTED]
Cc: ckrm-tech
Subject: Re: [ckrm-tech] rule based classification

Marc,

in a nutshell, the RBCE is a list of rules that are evaluated on classification invocation. Rules consist of a set of rule terms and a target class. A rule term specifies one particular kernel object attribute, a comparison operator (=,<,>,!) and a value expression.

To speed up the classification process we maintain state with tasks about which rules and rule terms have been examined for a particular task and only reexamine those terms that are indicated by the event.

RBCE provides rules based on task parameters (pid, gid, uid, executable) and socket information (IP info). The rules in conjunction with the defined classes constitute a site policy for workload management and is dynamically changeable (See user interface section) into the RBCE. Hence, this approach ensures the separation of policy and enforcement.

Assuming that the vserver context ID is accessible from the task struct, what you need to do, is define a new RULE_TERM_OPERATOR, add a new case statement under evaluate_rule. One also needs to deal with the rbce bitvector optimization, requiring a few more case statements (if at all). This is pretty straightforward. If you give me the field I can see whether I can help you out with this.

Hope this helps..

-- Hubertus

Marc E. Fiuczynski wrote:
> Could someone give me an overview of how the rbce works? Specifically, I am
> interested in modifying the rbce kernel support to be "vserver context ID"
> aware. The main problem that I need to solve is that uid/gid's are not
> unique across vserver contexts. E.g., UID 501 in context 2 and UID 501 in
> context 3 are not the same thing, while rbce/ckrm would treat them as the
> same.
>
> My thought is to enhance rbce/ckrm such that for a non-vserver enhanced
> kernel, it always assumes that context=0. While for a vserver enhanced
> kernel it will distinguish UID/GIDs by their context IDs.
>
> Cheers,
> Marc

_______________________________________________
ckrm-tech mailing list
https://lists.sourceforge.net/lists/listinfo/ckrm-tech
_______________________________________________
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver
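
The change discussed in this thread, as an added user-space sketch (not CKRM/RBCE source and not code from either poster): a context-ID rule term keeps UID 501 in context 2 and UID 501 in context 3 from landing in the same class. All type, function and class names are hypothetical; terms within a rule being ANDed and the first matching rule winning are assumptions, and the bitvector optimization is left out.

```c
#include <stdio.h>
#include <stddef.h>
/* Hypothetical names throughout; this is not the CKRM/RBCE source. */
enum attr { ATTR_UID, ATTR_GID, ATTR_XID };
enum op   { OP_EQ, OP_LT, OP_GT, OP_NE };       /* the thread's =, <, >, ! */
struct task { unsigned uid, gid, xid; };        /* xid stays 0 on a non-vserver kernel */
struct term { enum attr attr; enum op op; unsigned val; };
struct rule { const struct term *terms; size_t n; const char *target; };

static int eval_term(const struct term *t, const struct task *p)
{
    unsigned v;
    switch (t->attr) {
    case ATTR_UID: v = p->uid; break;
    case ATTR_GID: v = p->gid; break;
    case ATTR_XID: v = p->xid; break;   /* the added case for the context id */
    default: return 0;                  /* an unknown attribute never matches */
    }
    switch (t->op) {
    case OP_EQ: return v == t->val;
    case OP_LT: return v <  t->val;
    case OP_GT: return v >  t->val;
    case OP_NE: return v != t->val;
    }
    return 0;
}

/* Assumed semantics: all terms of a rule must match, first matching rule wins.
 * Returns the target class, or NULL when no rule matches. */
const char *classify(const struct rule *rules, size_t n, const struct task *p)
{
    for (size_t i = 0; i < n; i++) {
        size_t j = 0;
        while (j < rules[i].n && eval_term(&rules[i].terms[j], p))
            j++;
        if (j == rules[i].n)
            return rules[i].target;
    }
    return NULL;
}

/* Constructed policy: UID 501 is a different principal in each context. */
static const struct term web2[] = {{ATTR_XID, OP_EQ, 2}, {ATTR_UID, OP_EQ, 501}};
static const struct term db3[]  = {{ATTR_XID, OP_EQ, 3}, {ATTR_UID, OP_EQ, 501}};
static const struct term host[] = {{ATTR_XID, OP_EQ, 0}, {ATTR_UID, OP_EQ, 501}};
const struct rule policy[] = {{web2, 2, "/ctx2/web"}, {db3, 2, "/ctx3/db"}, {host, 2, "/host/users"}};

int main(void)
{
    struct task t = {501, 100, 3};              /* constructed sample task */
    printf("%s\n", classify(policy, 3, &t));
}
```

A UID-only rule with no context term would still match 501 in every context, so on a vserver kernel each uid/gid rule needs a context term paired with it.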
