> What I'm talking about is providing finer granularity for what system
> calls a process can make. A process that can't make system calls
> cannot delete files, make network connections, or make DOS attacks on
> RAM, CPU, or other system resources. Every action is monitored by the
> host process, which is trusted code.
In order to implement all this stuff, you need all kinds of new cruft in the
kernel, and some in the system call path.
A better way to do this (IMHO) is with a dedicated sandbox arrangement. My
user-mode port of the kernel (http://user-mode-linux.sourceforge.net) is one.
It gives you a virtual machine whose disk space consumption, cpu consumption,
memory consumption, and network traffic can be completely controlled.
Plus, it's all in user-space. Nothing needs to be added to the kernel at all.
Jeff
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Jun 15 2000 - 21:00:20 EST