
From: Alex Lyashkov (shadow_at_psoft.net)
Date: Wed 13 Aug 2003 - 23:46:23 BST


On Thursday 14 August 2003 01:32, Herbert Pötzl wrote:
>
> why not real virtualization? simple, because in current
> ctx-world the context does not know which mounts would
> belong to him, because there is no namespace abstraction ...
>
> HTH,
> Herbert
>
>
> no /proc/mounts ...
Disabling the view of /proc/mounts can be done more simply.
I do it in the last patches:
diff -cr2P linux-2.4.18-27.7/fs/proc/base.c../linux-2.4.18-27.7/fs/proc/base.c
*** linux-2.4.18-27.7/fs/proc/base.c Tue Jun 10 12:21:10 2003
--- ../linux-2.4.18-27.7/fs/proc/base.c Tue Jun 10 12:18:08 2003
***************
*** 250,257 ****

  extern struct seq_operations mounts_op;
  static int mounts_open(struct inode *inode, struct file *file)
  {
        struct task_struct *task = inode->u.proc_i.task;
! int ret = seq_open(file, &mounts_op);

        if (!ret) {
--- 251,267 ----

  extern struct seq_operations mounts_op;
+
  static int mounts_open(struct inode *inode, struct file *file)
  {
        struct task_struct *task = inode->u.proc_i.task;
! int ret ;
!
!
! if( task->s_context != &root_context)
! {
! return -EPERM;
! }
!
! ret = seq_open(file, &mounts_op);

        if (!ret) {
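
Review bot: the new test `task->s_context != &root_context` checks the task that owns the proc inode (`inode->u.proc_i.task`), not the process calling open(). For /proc/<pid>/mounts the two can differ, so a root-context caller is refused when it opens the entry of a task in another context, and the decision never looks at the caller's own context. If the intent is to hide the mount table from callers inside a context, test `current->s_context` (or both) and add a comment saying which case is meant. Two smaller points: `-EPERM` shows up in user space as "Operation not permitted", while "Permission denied" is `-EACCES`, so return the one the description promises; and the added lines should follow kernel style (`if (task->s_context != &root_context)` with no braces around the single `return`, `int ret;` without the stray space, and no empty `!` lines).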

With the patch, opening /proc/mounts returns "permission denied".

-- 
With best regards,
Alex


Generated on Thu 14 Aug 2003 - 07:42:42 BST by hypermail 2.1.3