Re: RFC [patch 13/34] PID Virtualization Define new task_pid api

[Kirill Korotaev]

> There areas.
> 1) Checkpointing.
> 2) Isolation for security purposes.
>    There may be secrets that the sysadmin should not have access to.
I hope you understand, that such things do not make anything secure. 
Administrator of the node will always have access to /proc/kcore, 
devices, KERNEL CODE(!) etc. No security from this point of view.

> 3) Nesting of containers, (so they are general purpose and not special hacks).
Why are you interested in nesting? Any applications for this?
Until everything is virtualized in nesting way (including TCP/IP stack, 
routing etc.) I see no much use of it.

> The vserver way of solving some of these problems is to provide a way
> to enter the guest.  I would rather have some explicit operation that puts
> you into the guest context so there is a single point where we can tackle
> the nested security issues, than to have hundreds of places we have to
> look at individually.
Huh, it sounds too easy. Just imagine that VPS owner has deleted ps, 
top, kill, bash and other tools. You won't be able to enter. Another 
example when VPS owner is near its resource limits - you won't be able 
to do anything after VPS entering.
Do you need other examples?

Kirill

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/