From: Sandino Araico Sánchez (sandino_at_sandino.net)
Date: Thu 16 Sep 2004 - 03:36:01 BST
Christian Mayrhuber wrote:
>Could become interesting:
>  http://www.namesys.com/blackbox_security.html
The process-oriented ACL seems functionally equivalent to grsec 
process-based ACLs.
One disadvantage of grsec + vserver is that ACLs are applied system-wide 
and must be administered on the mother server.  The same applies to 
iptables rules.
The advantage of Reiser's views model is that since they are defined on 
the file attributes they can be defined inside the scope of the children 
vservers so each vserver admin will be able to define his own ACLs just 
by defining ACL attributes on every file to be executed.
The VPS administrators using Reiser 4 will be able to define 
process-oriented ACLs as they wish whenever they wish while VPS 
administrators using grsec ACLs must rely on their host system 
administrator to apply the rules as they better understand.
>What do you think, maybe views instead of
>chroot() + mount --bind?
>
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver