* Herbert Poetzl ([EMAIL PROTECTED]) wrote: > > hmm, okay I see it now clearly, we should take > the approach which was so successful for scsi ... > > echo "vserver add-new-vserver 100 0 1 192 0 0 1" >/proc/1/attr/new > > and of course to 'change' the context, a simple > > echo "vserver change-to-old-context 100" >/proc/self/attr/migrate > (and it was never seen again, because it vanished in context 100) > > will be sufficient ...
Sorry if I don't follow your example correctly. There is an attr/prev as well as attr/current, if you are worried the previous context would be lost. > seriously I am completely on your side if we talk about > limiting a process or changing it's environment, even > if we talk about setting a class assignment, but I just > don't believe it's the perfect solution for everything ... Yes, I agree, it won't be useful for everything, but where possible/sensible, we should reuse it. thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
