From: Chris Wright (chrisw_at_osdl.org)
Date: Fri 30 Jan 2004 - 06:57:14 GMT
* Tim Freeman (tim_at_fungible.com) wrote:
> Does anyone know where the LSM framework is sufficient to implement vserver?
I know that the context specific hostname and IP (when binding to
INADDR_ANY) didn't fit cleanly into LSM hooks. I created a list quite
some time back, if no one has more uptodate info I can reproduce it.
> The grsecurity patches, for instance, don't use LSM because it isn't
> flexible enough.
The primary area that grsec doesn't fit is when it strays from standard
access control (the PaX and audit bits spring to mind).
thanks,
-chris
-- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net _______________________________________________ Vserver mailing list Vserver_at_list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver