From: Chris Wright (chris_at_wirex.com)
Date: Wed 24 Oct 2001 - 17:42:39 BST

• Next message: Kyle Hayes: "Re: vserver LSM progress"
• Previous message: Chris Wright: "Re: Merging into the LSM: handling /proc"
• Next in thread: Kyle Hayes: "Re: vserver LSM progress"
• Reply: Kyle Hayes: "Re: vserver LSM progress"

I started making a vserver module...so far so good ;-)

So far I have compute_creds, fork, ptrace and signal delivery ported
fairly cleanly. The vserver syscalls are stubbed out (and a cut 'n
paste away from implementation ;-)

Trouble spots:

* as Jacques mentioned, /proc won't go clean. my thought here was adding
  a /proc/vserver entry for the modified proc output, and using filesystem
  operations to protect the various vserver contexts from each other.
  thoughts?

* the scheduler changes won't fit into LSM as they are. this will
  likely remain a patch, unless we can do something sneaky ;-)

* the vserver adds four new fields to the task_struct: s_context,
  cap_bset, ipv4root and s_info. these need to be collapsed into one
  struct for LSM. is it necessary to maintain s_context and
  s_info->s_context, which appear to be the same?

thanks,
-chris

• Next message: Kyle Hayes: "Re: vserver LSM progress"
• Previous message: Chris Wright: "Re: Merging into the LSM: handling /proc"
• Next in thread: Kyle Hayes: "Re: vserver LSM progress"
• Reply: Kyle Hayes: "Re: vserver LSM progress"