From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Thu 20 Feb 2003 - 23:05:51 GMT
On Thu, 20 Feb 2003 18:16:05 -0500, Herbert Poetzl wrote
> On Thu, Feb 20, 2003 at 04:26:19PM +0000, Jonathan Sambrook wrote:
> > I'm looking at the ctx patch for DSVR to see how we could integrate it
> > into our operation (see http://www.dsvr.co.uk).
>
> hmm, maybe you could elaborate a little bit
> on your plans regarding the "operation"
>
> > We'd like vserver users to be as ignorant of their vserver-ness as
> > possible, hence cloaking /proc/self/status.
>
> but what about the other 10 or 20 indices for
> a virtual server environment? (e.g. mknod, ethernet
> etc ...) or do you give all capabilities?
I like the ability to control this on a vserver basis instead of globally.
In the current vserver implementation, there is a flag called hideinfo. All
utility correctly pass this flag and set it in the kernel in the security
context structure. So by testing this flag instead, one can hide whatever
it wants, on a vserver basis.
I suggest a rework of the patch using this flag.
comment ?
---------------------------------------------------------
Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc