On Thu, 20 Feb 2003 18:16:05 -0500, Herbert Poetzl wrote > On Thu, Feb 20, 2003 at 04:26:19PM +0000, Jonathan Sambrook wrote: > > I'm looking at the ctx patch for DSVR to see how we could integrate it > > into our operation (see http://www.dsvr.co.uk). > > hmm, maybe you could elaborate a little bit > on your plans regarding the "operation" > > > We'd like vserver users to be as ignorant of their vserver-ness as > > possible, hence cloaking /proc/self/status. > > but what about the other 10 or 20 indices for > a virtual server environment? (e.g. mknod, ethernet > etc ...) or do you give all capabilities?
I like the ability to control this on a vserver basis instead of globally. In the current vserver implementation, there is a flag called hideinfo. All utility correctly pass this flag and set it in the kernel in the security context structure. So by testing this flag instead, one can hide whatever it wants, on a vserver basis. I suggest a rework of the patch using this flag. comment ? --------------------------------------------------------- Jacques Gelinas <[EMAIL PROTECTED]> vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc
