Re: [patch 2/3] lsm: add bsdjail module

From: Christoph Hellwig
Date: Sun Oct 10 2004 - 06:36:13 EST

Next message: Jim Nelson: "Re: [Patch 1/5] xbox: add 'CONFIG_X86_XBOX' to kernel configuration"
Previous message: Serge E. Hallyn: "Re: [patch 2/3] lsm: add bsdjail module"
In reply to: Serge E. Hallyn: "Re: [patch 2/3] lsm: add bsdjail module"
Next in thread: Alan Cox: "Re: [patch 2/3] lsm: add bsdjail module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Oct 10, 2004 at 07:31:52AM -0400, Serge E. Hallyn wrote:
> > Your filesystem handling code is completely superflous (and buggy). Please
> > remove all the code dealing with chroot-lookalikes. In your userland script
> > you simpl have to clone(.., CLONE_NEWNS) to detach your namespace from your
> > parent, then you can lazly unmount all filesystems and setup your new namespace
> > before starting the jail. The added advantage is that you don't need any
> > cludges to keep the user from exiting the chroot.
>
> I definately would prefer to use namespaces. I had originally wanted to
> do a copy_namespace() in the module. That function is not exported,
> though. Is doing that in user-space really the right way to do it?

If something can be done in userspace nicely that's preferable over doing it in
kernelspace, yes.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jim Nelson: "Re: [Patch 1/5] xbox: add 'CONFIG_X86_XBOX' to kernel configuration"
Previous message: Serge E. Hallyn: "Re: [patch 2/3] lsm: add bsdjail module"
In reply to: Serge E. Hallyn: "Re: [patch 2/3] lsm: add bsdjail module"
Next in thread: Alan Cox: "Re: [patch 2/3] lsm: add bsdjail module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]