Re: Using fs views to isolate untrusted processes: I need an assistantarchitect in the USA for Phase I of a DARPA funded linux kernel project
From: Mike Waychison
Date: Wed Aug 25 2004 - 16:43:11 EST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tim Hockin wrote:
> On Wed, Aug 25, 2004 at 04:25:24PM -0400, Rik van Riel wrote:
>
>>>You can think of this as chroot on steroids.
>>
>>Sounds like what you want is pretty much the namespace stuff
>>that has been in the kernel since the early 2.4 days.
>>
>>No need to replicate VFS functionality inside the filesystem.
>
>
> When I was at Sun, we talked a lot about this. Mike, does Sun have any
> iterest in this?
Not that I know of. I believe the functionality Hans is looking for has
already been handled by SELinux. What is needed (if it doesn't already
exist) is a tool to gather these 'viewprints' automagically.
- --
Mike Waychison
Sun Microsystems, Inc.
1 (650) 352-5299 voice
1 (416) 202-8336 voice
http://www.sun.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTICE: The opinions expressed in this email are held by me,
and may not represent the views of Sun Microsystems, Inc.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBLQM4dQs4kOxk3/MRArXMAJ0WTzw8L/vLNO3lYwkCdGJGrzRBKgCcD7l7
w6eSrLFYVHoQ9CiAruQCV9E=
=PVV9
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/