Re: [patch 1/3] lsm: add bsdjail module

From: Chris Wright
Date: Thu Oct 07 2004 - 12:03:46 EST


* Andrew Morton (akpm@xxxxxxxx) wrote:
> James Morris <jmorris@xxxxxxxxxx> wrote:
> > On Thu, 7 Oct 2004, Serge E. Hallyn wrote:
> >
> > > Because it gives Linux a functionality like FreeBSD's jail and Solaris'
> > > zones in an unobtrusive manner, without impacting users who don't wish
> > > to use it (except for the extra security_task_lookup function calls).
> >
> > Yes, as an LSM module, it can be configured out. I think it's a good use
> > of the LSM framework, and may be useful for people migrating to Linux from
> > legacy Solaris and FreeBSD.
>
> Sure, but that's a bit speculative for adding a feature to the mainline
> kernel.

Which feature are you concerned over, the additional hook or the
new module? The module is a no-op for anybody who doesn't want it.
I can't vouch for the number of users of this module although I've seen
some positive feedback from users. One nice bit is that it goes a way
towards helping vserver which does have quite a few users. This module
really demonstrates one of the points of LSM...to support multiple
security models.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net