Christian Mayrhuber wrote:
Could become interesting: The process-oriented ACL seems functionally equivalent to grsec process-based ACLs.
http://www.namesys.com/blackbox_security.html
One disadvantage of grsec + vserver is that ACLs are applied system-wide and must be administered on the mother server. The same applies to iptables rules.
The advantage of Reiser's views model is that, since they are defined on the file attributes, they can be defined inside the scope of the children vservers, so each vserver admin will be able to define his own ACLs just by defining ACL attributes on every file to be executed.
The VPS administrators using Reiser 4 will be able to define process-oriented ACLs as they wish whenever they wish while VPS administrators using grsec ACLs must rely on their host system administrator to apply the rules as they better understand.
What do you think, maybe views instead of chroot() + mount --bind?
_______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
