From: Rik van Riel (riel_at_conectiva.com.br)
Date: Wed 24 Oct 2001 - 02:00:49 BST
On Tue, 23 Oct 2001, Jacques Gelinas wrote:
> > i've started looking at making a vserver LSM module. it looks like it
> > won't be too tough, and i think vserver might get some new protection.
> > are people interested in this?
I'm in. This will make vserver easier to add to the kernel and
will give us a stable syscall interface...
> When I started the vserver project, I was trying to fix a little
> problem. Few weeks later, this is changing everything, from the way we
> install firewalls to the way developpers work.
> If we can keep the simplicity and add functionality, this is cool. I
> am downloading the latest LSM now....
I'm absolutely impressed by vserver. It is simple, effective
and redicilously easy to figure out. It took me a full 5 minutes
to setup a vserver and that was mostly because I didn't read the
documentation before starting ...
One minor nitpick, 'vserver <foo> build' could use 'mount --bind'
on the 2.4 kernels; this would save both disk space and memory use,
and 'mount --bind' also accepts options like read only mounts so
root inside the vservers cannot mess with the files.
-- DMCA, SSSCA, W3C? Who cares? http://thefreeworld.net/ (volunteers needed)