From: Chris Wright (chris_at_wirex.com)
Date: Wed 27 Feb 2002 - 01:08:34 GMT

On Tue, 26 Feb 2002 16:57:36 -0500, Mihai RUSU wrote:
> > For the first issue I think there can be done a quick hack based on the
> > sources of openwall patch (www.openwall.org) as follows:
> > - openwall kernels show on netstat only the connections which belong to
> > the current userid

I thought viewing /proc/net/* was limited by group id (you have to have
the special group id set with gid= mount option).

* Jacques Gelinas (jack_at_solucorp.qc.ca) wrote:
> The patch on ctx-8 uses the security context. The solution in openwall,
> should work on top of that and would be a per-vserver feature. openwall
> is part of the LSM I think.

Bits and pieces of Openwall are ported to LSM. The SECURE_PROC bit
has been waiting for an interface change in the VFS that should be
available soon (viro mentioned something like the next week or two for
the VFS change).

cheers,
-chris