Re: [RFC] Virtualization steps

From: Sam Vilain
Date: Wed Mar 29 2006 - 17:34:19 EST

Next message: Lee Revell: "Re: [2.6.16] reiserfs3 and swap scheduling while atomic:mount/0x00000001/1108"
Previous message: Andrew Morton: "Re: [PATCH][RFC] splice support"
In reply to: Chris Wright: "Re: [RFC] Virtualization steps"
Next in thread: Chris Wright: "Re: [RFC] Virtualization steps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Chris Wright wrote:

>* Sam Vilain (sam@xxxxxxxxxx) wrote:
>
>
>>This raises a very interesting question. All those LSM globals,
>>shouldn't those be virtualisable, too? After all, isn't it natural to
>>want to apply a different security policy to different sets of processes?
>>
>>
>
>Which globals? Policy could be informed by relevant containers.
>
>

extern struct security_operations *security_ops; in
include/linux/security.h is the global I refer to.

There is likely to be some contention there between the security folk
who probably won't like the idea that your security module can be
different for different processes, and the people who want to provide
access to security modules on the systems they want to host or consolidate.

Sam.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Lee Revell: "Re: [2.6.16] reiserfs3 and swap scheduling while atomic:mount/0x00000001/1108"
Previous message: Andrew Morton: "Re: [PATCH][RFC] splice support"
In reply to: Chris Wright: "Re: [RFC] Virtualization steps"
Next in thread: Chris Wright: "Re: [RFC] Virtualization steps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]