From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Tue 01 Jan 2002 - 17:46:25 GMT
On Tue, 1 Jan 2002 05:21:21 -0500, edward_at_paradigm4.com.au wrote
> Is there a way to combine lids kernel ( http://www.lids.org/ )
> with the vserver kernel?
> These 2 are my favourites but the kernel patches seem to overlap
> so can't be both applied which is a real pity.
The only way is to adapt the patch, which requires some kernel understanding.
You may have some luck by patching one before the other
> Also, do you have any plans of converting to LSM, which
> (hopefully) will be part of 2.6 tree someday?
Not all of the vserver patch may be handled by the LSM. But not all of vserver
patch is related to security either. Once the project have settled we will
be able to split it in several patches and potentially promote inclusion of
each patch in the 2.5 kernel tree separatly. Some of it will be rework as an
LSM module, some (new_ipv4root and the immutable-linkage) could become
standard linux features.
> I know the primary goal of vserver project is clean separation of vservers
> without speed loss not security per se but because it does a good job
> of containing each vserver it may as well be a security module.
Yes the primary goal is virtual private server, yet security is also important.
The new_scontext() syscall is more general than the vserver project. One goal
is to create a personal security box where any user can run a non-trusted package
with fine grain control over what this package can do to file, network and especially
the user own files.
Security is also a very important goal for the vserver project. Basically, we want
to create a framework so the root server becomes a monitoring server. Since it
can spy vservers without the vserver having to enable any services, it can really
do a lot such as intrusion detection. At some point, the immutable bits will be
reworked to create a trap mode. Whenever a vserver attempts to modifiy or read
the extended attribute, a trap will be generated, the process will be locked and the
admin will be called. A normal vserver never do such a thing.
These are the kind of things we have in mind security wise.
There are now many projects out there providing enhance security for linux.
HP with its compartment, NSA and now lids (Well, now for me, I just learned
about this project today). Hopefully, the LSM will provide a general purpose
framework to support all those variations.
Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!