Guillaume Pratte wrote:
> Thanks for the change log Daniel.
>
> Something is soliciting my curiosity though:
>
> - privacy for guests, which will hide things from xid 1
>
> I am not sure I am fond of that "privacy" thing.
That's why it's configurable ;-)
> Isn't xid 1 the monitoring context?
Yes.
> Isn't it supposed to be able to see everything in the system?
Well, not if you want to protect the guests from the host.
> For instance, if I remember correctly, vserver-stat uses xid 1
> to measure the memory usage of each vserver...
In older versions/kernels, yeah. But that's already rather broken by design.
> Maybe it's an irrational fear, but it seems to me like an invitation to
> root kits... With this privacy option, how will we be able to precisely
> account the memory usage of each vserver?
vserver-stat in util-vserver 0.30.213 doesn't use xid 1 anymore (if you
have a recent enough kernel that has the accounting APIs).
--
Daniel Hokka Zakrisson
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Received on Wed Apr 4 16:23:55 2007