From: Andy Kwong (iserlohn_at_aicompro.com)
Date: Wed 28 Nov 2001 - 19:37:59 GMT

On Wed, 2001-11-28 at 11:15, Jurgen Botz wrote:
> Jacques Gelinas wrote:
> > vserver 0.7
> I'd just like to say that I think vserver is a really great idea
> and nice execution. The most beautiful thing about it is its relative
> simplicity... vserver gives us a lot of security bang for very little
> code complexity buck. This is a very good thing!

Yes, using the existing Linux caps to do lockdown is great.

> I've been playing with UML, which I think is great also, but as a tool
> for security isolation of services vserver can't be beat... simplicity
> always has to win out there.

UML is really a boon to kernel developers, especially if you are
developing FS code. The fact that you can test out different changes in
your FS code in different VTs with GDB is quite cool. The COW ubd layer
is very usable.
The code itself is pretty stable, but UML suffers from the fact that it
is not very optimized at the moment. Latency in the UM is poor, and the
Tap interface isn't that fast, plus it fragments packets.
UML is moving at a fast pace though. Both of these projects are very cool
for their respective niches.

> I think we should move quickly on getting some or all of vserver into
> the mainline kernel. If Jacques feels that it's too early to get the
> whole thing in we might start with the immutable file/link split as
> this has applications beyond vserver.

Yeah, get it into 2.5. :)

> Jürgen Botz | While differing widely in the various
> jurgen_at_botz.org | little bits we know, in our infinite
> | ignorance we are all equal. -Karl Popper