From: Chris Wright (chris_at_wirex.com)
Date: Wed 24 Oct 2001 - 00:56:38 BST
* Jacques Gelinas (jack_at_solucorp.qc.ca) wrote:
> On Tue, 23 Oct 2001 20:06:20 -0500, Rik van Riel wrote
> > Hi,
> >
> > as an alternative to the syscall problem, would it be
> > possible to let vserver use the LSM (linux security module)
> > interface and syscall to configure things ?
> >
> > I really would like to move vserver into production soon,
> > since it seems ready ... but this cannot be done if the
> > interface to userspace conflicts with other code...
>
> I have to review the LSM. I tough it was related to the NSA thing and
> as such was introducing much changes to the kernel (or many little things
> here and there)
i've started looking at making a vserver LSM module. it looks like it
won't be too tough, and i think vserver might get some new protection.
one obvious change would be the syscall method, as LSM creates a
sys_security syscall that is a multiplexor much like the sys_socketcall.
are people interested in this?
-chris