From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Wed 08 Oct 2003 - 20:27:17 BST
On Wed, Oct 08, 2003 at 02:14:54PM +0200, Enrico Scholz wrote:
> jack_at_solucorp.qc.ca (Jacques Gelinas) writes:
> > new_s_context
> > The system call has been changed completly. You can
> > select several security context (up to 16). And root in
> > a security context is allowed to shuffle in the security
> > contexts already assigned.
> Wouldn't be hierarchical vservers a better and more general
> solution? E.g.
> * add parent_ctx field to 'struct context_info'
> * check if current-ctx is a parent-ctx when trying to enter an
> existing context (go back the parent_ctx fields)
> * remove the supervisor-ctx-1 concept; every ctx can see the
> processes of its child-contexts
> * contexts can be removed only when they do not have children
agreed, this would be a good solution,
we (IIRC rik and paul) discussed that on IRC
some time ago, except for the ->child and
->parent binding nothing special would be
> Vserver mailing list