Re: [patch 2/3] lsm: add bsdjail module

From: Herbert Poetzl
Date: Tue Oct 12 2004 - 08:09:10 EST


On Tue, Oct 12, 2004 at 10:00:57AM +0100, Christoph Hellwig wrote:
> On Tue, Oct 12, 2004 at 09:00:55AM +0200, Herbert Poetzl wrote:
> > and it works well, because we use it for almost
> > a year now on linux-vserver ;)
>
> Btw, could anyone explain the exact differences between linux-vserver
> and this jail module?

hmm, okay I'll try ...

linux-vserver is a combination of kernel patch and
userspace tools to create 'virtual servers' similar
to UML, but sharing the resources (and kernel).

to do this, it uses process isolation, network
isolation and disk space separation (tagging).
in addition it does resource management (accounting
and limits) for various aspects (CPU, memory,
processes, sockets, filehandles, ...)

the jail module is recreating a limited subset of
the isolation aspect via LSM (similar to the BSD
jail) which allows to confine a process (and its
children) to a chroot() environment under certain
limitations (resources)

best,
Herbert

> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/