From: Jonathan Sambrook (jonathan.sambrook_at_dsvr.co.uk)
Date: Thu 20 Feb 2003 - 16:26:19 GMT
I'm looking at the ctx patch for DSVR to see how we could integrate it
into our operation (see http://www.dsvr.co.uk).
We'd like vserver users to be as ignorant of their vserver-ness as
possible, hence cloaking /proc/self/status.
But for investigating/debugging/hacking-on-vserver purposes, this
cloaking should be sysctl-able.
The ctx sysctl should itself be cloakable too.
All this might not suit all tastes, so whilst the patch defaults to the
most secure option, the usual:
echo 1 > /proc/sys/kernel/ctx/visible-self-status
echo 1 > /proc/sys/kernel/ctx/visible-sysctrls
would restore previous behaviour.
Comments please.
Jonathan
-- Jonathan Sambrook Software Developer Designer Servers