On Wed, Oct 01, 2003 at 12:15:36PM -0700, Chris Wright wrote: > * Rik van Riel ([EMAIL PROTECTED]) wrote: > > On Wed, 1 Oct 2003, Chris Wright wrote: > > > > > Multiplexing, future functionality, etc...this reasoning was shot down > > > before. The preferred method was to have well-typed interfaces that > > > are simple and not overloaded. Any chance some of these needs could be > > > met with existing infrastructure in 2.6? For example, similar to the > > > sys_new_s_context issue was resolved for LSM with the /proc/pid/attr/ > > > interface, could this be reused? > > > > OK, a few comments here: > > > > 1) the vserver functionality definately is not "future functionality", > > people have been using it in production for a few years already > > Sorry, I don't mean to imply core vserver is all new, just reacting to > one of the justifciations being "people are planning future > functionality." > > > 2) currently vserver only runs on 2.4 (and I think 2.2), it hasn't > > been ported to 2.6 yet and I definately plan to port it in such > > a way that we will be reusing other infrastructure whereever > > possible ... it's just that vserver needs some infrastructure > > that is not possible inside LSM > > > > 3) the needs that can be met with existing infrastructure, like > > CLONE_NEWNS or LSM should definately move out of the vserver > > patch in the port to 2.6 > > Glad to hear it. I haven't looked closely at vserver since about 2.4.14, > but I had hoped to find ways to minimize the vserver patch by reusing > some of the LSM infrastructure. The biggest issue was the ability to > virtualize the results of something like the hostname to be ctx > specific, which was deemed too much to do for the LSM interfaces. > > > 4) I'm all for generalising the interface, how about sys_virtual_context ? > > I _think_ this can be done with /proc/[pid]/attr/. This allows you to > set the security attributes of a process. IIRC, the sys_s_new_context > was something helpers would run before execve'ing a process into the new > context (sorry if my details are off). Same can be acheived with > /proc/[pid]/attr/exec, but writing the new context to that file, then > execve'ing. Here's a link with more details on the API:
one of the advantages the current _and_ future vserver project has over 'changing/setting some features for a process' is the concept of a context layer, residing between kernel and processes _belonging_ to a context ... you could, for example set up a context which allows a maximum of 10 processes, limited to one ethernet interface, using it's own root/user quota, start some 'virtual' server in this context doing all this init stuff, and then visit this context from outside, via a simple 'context' change ... if you've got the right capabilities/permissions ... I can not imagine how you would do that with the /proc/<pid>/attr/ interface, but I'm sure you can explain it to me ... best, Herbert > http://mail.wirex.com/pipermail/linux-security-module/2003-April/4264.html > thanks, > -chris > -- > Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net > - > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to [EMAIL PROTECTED] > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/
