Re: Using fs views to isolate untrusted processes: I need an assistant architect in the USA for Phase I of a DARPA funded linux kernel project

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Hans Reiser <reiser@namesys.com>
To: Christian Mayrhuber <christian.mayrhuber@gmx.net>
Cc: reiserfs-list@namesys.com
Subject: Re: Using fs views to isolate untrusted processes: I need an assistant architect in the USA for Phase I of a DARPA funded linux kernel project
Date: Mon, 02 Aug 2004 12:55:02 -0700	[thread overview]
Message-ID: <410E9C16.1000109@namesys.com> (raw)
In-Reply-To: <200408022102.41838.christian.mayrhuber@gmx.net>

Christian Mayrhuber wrote:

>On Monday 02 August 2004 19:29, Hubert Chan wrote:
>  
>
>>>>>>>"Christian" == Christian Mayrhuber <christian.mayrhuber@gmx.net>
>>>>>>>writes:
>>>>>>>              
>>>>>>>
>>Christian> Linux VServer might be a project that already tries to
>>Christian> accomplish this task.
>>
>>After poking around the linux-veserver.org page, it sounds like Linux
>>VServer is completely different from what Hans/Namesys is trying to do.
>>Linux VServer still uses chroot.  From what I understand about views,
>>you don't need to set up a chroot; applications run under the same
>>filesystem as everything else.  You just need to, for example, say that
>>apache is allowed to read from /etc/apache/*, /var/www, /usr/lib, etc.,
>>and is allowed to write to /var/log/apache/*.  Then, even though apache
>>is running under the same filesystem, it won't even be able to see, say
>>/etc/passwd.
>>    
>>
>Yes, you are right, after reading Hans writeup on the homepage it's clear to 
>me. Views will be definitely very handy. Process Oriented Security seems to 
>be a rather complicated task to administer - it reads like tripwire 
>configuration.
>
>The vserver project has similiar goals:
> - ease administration
> - higher security
>
>chroot() + a marker is still used, because there is nothing better available 
>today ...
>Process separation is accomplished by attaching a context number to every 
>process. Processes with a higher context number than 1 are jailed in their 
>root directory. The network interfaces, process RAM, CPU and disk quota usage 
>is also bound to the same number.
>You can give a "view" to the world outside the chroot() jail by using
>"mount --bind" in the pre-start phase of the vserver.
>
>The views and process oriented security concepts seem to be orthogonal to 
>linux vserver.
>
>  
>
Perhaps we will be a tool verver will find useful.

next prev parent reply	other threads:[~2004-08-02 19:55 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-08-02  1:20 Using fs views to isolate untrusted processes: I need an assistant architect in the USA for Phase I of a DARPA funded linux kernel project Hans Reiser
2004-08-02  9:12 ` Christian Mayrhuber
2004-08-02 17:29   ` Hubert Chan
2004-08-02 18:18     ` Hans Reiser
2004-08-02 19:02     ` Christian Mayrhuber
2004-08-02 19:55       ` Hans Reiser [this message]
2004-08-02 22:10     ` David Greaves
2004-08-03  0:04       ` Hubert Chan
2004-08-03  4:30         ` Matt Stegman
2004-08-03  8:30         ` David Greaves
2004-08-03 10:08         ` Pierre Etchemaite
2004-08-03 10:58 ` James Courtier-Dutton
2004-08-04  5:44   ` Hans Reiser
2004-08-25 20:25 ` Rik van Riel
2004-08-25 20:56   ` Tim Hockin
2004-08-25 21:23     ` Mike Waychison
2004-08-26  6:31       ` Hans Reiser
2004-08-26 13:59         ` Stephen Smalley
2004-08-25 23:19     ` Kyle Moffett
2004-08-26  0:16       ` Mike Waychison
2004-08-26  0:50         ` Kyle Moffett
2004-08-26  1:06           ` Chris Wright
2004-08-26  4:16             ` Kyle Moffett
2004-08-26  4:29               ` viro
2004-08-26  4:52                 ` Kyle Moffett
2004-08-26  5:01                   ` viro
2004-08-26  0:56         ` Chris Wright
2004-08-26  7:52         ` Hans Reiser
2004-08-26  8:48   ` Hans Reiser

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=410E9C16.1000109@namesys.com \
    --to=reiser@namesys.com \
    --cc=christian.mayrhuber@gmx.net \
    --cc=reiserfs-list@namesys.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.