Re: [RFC] Virtualization steps

From: Chris Wright
Date: Wed Mar 29 2006 - 21:00:56 EST


* David Lang (dlang@xxxxxxxxxxxxxxxxxx) wrote:
> what if the people administering the container are different from the
> people administering the host?

Yes, I alluded to that.

> in that case the people working in the container want to be able to
> implement and change their own policy, and the people working on the host
> don't want to have to implement changes to their main policy config (wtih
> all the auditing that would be involved with it) every time a container
> wants to change it's internal policy.

*nod*

> I can definantly see where a container aware policy on the master would be
> useful, but I can also see where the ability to nest seperate policies
> would be useful.

This is all fine. The question is whether this is a policy management
issue or a kernel infrastructure issue. So far, it's not clear that this
really necessitates kernel infrastructure changes to support container
aware policies to be loaded by physical host admin/owner or the virtual
host admin. The place where it breaks down is if each virtual host
wants not only to control its own policy, but also its security model.
Then we are left with stacking modules or heavier isolation (as in Xen).

thanks,
-chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/