Re: lsm: add bsdjail documentation

From: Matthias Urlichs
Date: Thu Oct 07 2004 - 17:58:32 EST

Next message: Chris Friesen: "Re: UDP recvmsg blocks after select(), 2.6 bug?"
Previous message: Samuel Thibault: "Re: [Patch] new serial flow control"
In reply to: Serge Hallyn: "Re: [patch 3/3] lsm: add bsdjail documentation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi, Serge Hallyn wrote:

> + echo -n "ip 2.2.2.2" > /proc/$$/attr/exec (optional)

Please use RFC private addresses in example code.

That being said, bsdjail is a very good idea (which is why we're stealing
it from BSD after all ...). It affords lightweight compartmentalization,
in other words a chroot-on-steroids, which is exactly what I need to split
one box into a couple of mostly-independent realms, and I assume that many
ISP/ASP/whatever hosting people will agree.

Anyway, that's my vote for adding it to the kernel.

--
Matthias Urlichs
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Friesen: "Re: UDP recvmsg blocks after select(), 2.6 bug?"
Previous message: Samuel Thibault: "Re: [Patch] new serial flow control"
In reply to: Serge Hallyn: "Re: [patch 3/3] lsm: add bsdjail documentation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]