Re: [RFC] Virtualization steps

From: Sam Vilain
Date: Wed Mar 29 2006 - 18:16:35 EST


Chris Wright wrote:

>Not my intention. Rather, I think from a security standpoint there's
>sanity in controlling things with a single policy.
>

Yes, certainly. Providing the features to the users in a different way
is a pragmatic alternative to trying to make sure the contained system
gets to use all the same kernel API calls it could without the
virtualisation. The only people who won't like that are people
consolidating, so they still have to use Xen.

>I'm thinking of
>containers as a simple and logical extension of roles. Point being,
>the per-object security label can easily include notion of container.
>
>

If it fits the model well, sounds good.

Sam.