Re: [patch 2/3] lsm: add bsdjail module

[Christoph Hellwig]

On Tue, Oct 12, 2004 at 02:27:33PM +0200, Herbert Poetzl wrote:
> On Tue, Oct 12, 2004 at 10:00:57AM +0100, Christoph Hellwig wrote:
> > On Tue, Oct 12, 2004 at 09:00:55AM +0200, Herbert Poetzl wrote:
> > > and it works well, because we use it for almost
> > > a year now on linux-vserver ;)
> > 
> > Btw, could anyone explain the exact differences between linux-vserver
> > and this jail module?
> 
> hmm, okay I'll try ...
> 
> linux-vserver is a combination of kernel patch and
> userspace tools to create 'virtual servers' similar
> to UML, but sharing the resources (and kernel).
> 
> to do this, it uses process isolation, network
> isolation and disk space separation (tagging). 
> in addition it does resource management (accounting
> and limits) for various aspects (CPU, memory, 
> processes, sockets, filehandles, ...)
> 
> the jail module is recreating a limited subset of
> the isolation aspect via LSM (similar to the BSD
> jail) which allows to confine a process (and it's
> children) to a chroot() environment under certain
> limitations (resources)

So why

 a) can't linux-vserver use LSM hooks where applicable
 b) can't the two projects share code so we don't only have a crippled
    version in mainline

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/