On Thursday 14 August 2003 01:32, Herbert Pötzl wrote:
>
> why not real virtualization? simple, because in current
> ctx-world the context does not know which mounts would
> belong to him, because there is no namespace abstraction ...
>
> HTH,
> Herbert
>
>
> no /proc/mounts ...
Hiding /proc/mounts can be done more simply.
I do it in my latest patches:
diff -cr2P linux-2.4.18-27.7/fs/proc/base.c../linux-2.4.18-27.7/fs/proc/base.c
*** linux-2.4.18-27.7/fs/proc/base.c    Tue Jun 10 12:21:10 2003
--- ../linux-2.4.18-27.7/fs/proc/base.c Tue Jun 10 12:18:08 2003
***************
*** 250,257 ****

  extern struct seq_operations mounts_op;
  static int mounts_open(struct inode *inode, struct file *file)
  {
        struct task_struct *task = inode->u.proc_i.task;
!       int ret = seq_open(file, &mounts_op);

        if (!ret) {
--- 251,267 ----

  extern struct seq_operations mounts_op;
+
  static int mounts_open(struct inode *inode, struct file *file)
  {
        struct task_struct *task = inode->u.proc_i.task;
!       int ret ;
!
!
!       if( task->s_context != &root_context)
!       {
!           return -EPERM;
!       }
!
!       ret = seq_open(file, &mounts_op);

        if (!ret) {
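Review bot: The context test `if( task->s_context != &root_context)` is applied to `task`, which comes from `inode->u.proc_i.task`, so it checks the process whose proc entry is being opened rather than the process performing the open. If a process in a non-root context can reach the mounts entry of a root-context task (that visibility is decided outside this hunk), it would still be handed the host mount table, while a root-context administrator is refused when inspecting a task that lives in a context. Testing the caller instead, `if (current->s_context != &root_context) return -EPERM;`, appears to match the stated goal of hiding mounts from contexts. A short comment above the check saying which side is being restricted would also help, and note that the body of mounts_open continues past the end of the hunk.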

patch in open /proc/mounts return "permision deny".


-- 
With best regards,
Alex
