From: Christoph Hellwig <hch@infradead.org>
To: Christoph Hellwig <hch@infradead.org>,
Alan Cox <alan@lxorguk.ukuu.org.uk>,
"Serge E. Hallyn" <serue@us.ibm.com>,
Andrew Morton <akpm@osdl.org>,
chrisw@osdl.org,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [patch 2/3] lsm: add bsdjail module
Date: Wed, 20 Oct 2004 16:36:21 +0100
Message-ID: <20041020153621.GA21916@infradead.org>
In-Reply-To: <20041012122733.GD8012@DUMA.13thfloor.at>

On Tue, Oct 12, 2004 at 02:27:33PM +0200, Herbert Poetzl wrote:
> On Tue, Oct 12, 2004 at 10:00:57AM +0100, Christoph Hellwig wrote:
> > On Tue, Oct 12, 2004 at 09:00:55AM +0200, Herbert Poetzl wrote:
> > > and it works well, because we use it for almost
> > > a year now on linux-vserver ;)
> >
> > Btw, could anyone explain the exact differences between linux-vserver
> > and this jail module?
>
> hmm, okay I'll try ...
>
> linux-vserver is a combination of kernel patch and
> userspace tools to create 'virtual servers' similar
> to UML, but sharing the resources (and kernel).
>
> to do this, it uses process isolation, network
> isolation and disk space separation (tagging).
> in addition it does resource management (accounting
> and limits) for various aspects (CPU, memory,
> processes, sockets, filehandles, ...)
>
> the jail module is recreating a limited subset of
> the isolation aspect via LSM (similar to the BSD
> jail) which allows to confine a process (and its
> children) to a chroot() environment under certain
> limitations (resources)

So why

 a) can't linux-vserver use LSM hooks where applicable
 b) can't the two projects share code so we don't only have a crippled
    version in mainline