Re: [patch 2/3] lsm: add bsdjail module

From: Christoph Hellwig
Date: Tue Oct 12 2004 - 09:17:25 EST

Next message: Nathan Lynch: "Re: [PATCH] i386 CPU hotplug updated for -mm"
Previous message: Ingo Molnar: "Re: [patch] VP-2.6.9-rc4-mm1-T6"
In reply to: Serge E. Hallyn: "Re: [patch 2/3] lsm: add bsdjail module"
Next in thread: Ulrich Drepper: "Re: [patch 2/3] lsm: add bsdjail module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Oct 12, 2004 at 08:11:24AM -0500, Serge E. Hallyn wrote:
> > That however requires a co-operator outside the chroot so doesn't seem
> > to be a problem. I like the CLONE approach, its a lot cleaner.
>
> The attached patch (against -rc4-mm1) moves the responsibility for
> filesystem containment entirely to userspace. The Documentation/bsdjail.txt
> file reflects the new usage. It also incorporates Christoph's cleanups.
>
> I still need to see about generalizing the networking confinement. I
> certainly like the concept (as I understand it at least) behind the new
> vserver networking, but am not sure it can be done without patching.

Please remember that linux kernel work is not about "not needing patching".
If a concept makes sense changing code is a good thing.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Nathan Lynch: "Re: [PATCH] i386 CPU hotplug updated for -mm"
Previous message: Ingo Molnar: "Re: [patch] VP-2.6.9-rc4-mm1-T6"
In reply to: Serge E. Hallyn: "Re: [patch 2/3] lsm: add bsdjail module"
Next in thread: Ulrich Drepper: "Re: [patch 2/3] lsm: add bsdjail module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]