From: Chris Wright (chrisw_at_osdl.org)
Date: Thu 02 Oct 2003 - 00:05:26 BST
* Herbert Poetzl (herbert_at_13thfloor.at) wrote:
> hmm, okay I see it now clearly, we should take
> the approach which was so successful for scsi ...
> echo "vserver add-new-vserver 100 0 1 192 0 0 1" >/proc/1/attr/new
> and of course to 'change' the context, a simple
> echo "vserver change-to-old-context 100" >/proc/self/attr/migrate
> (and it was never seen again, because it vanished in context 100)
> will be sufficient ...
Sorry if I don't follow your example correctly. There is an attr/prev
as well as attr/current, if you are worried the previous context would
> seriously I am completely on your side if we talk about
> limiting a process or changing it's environment, even
> if we talk about setting a class assignment, but I just
> don't believe it's the perfect solution for everything ...
Yes, I agree, it won't be useful for everything, but where
possible/sensible, we should reuse it.
-- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net