Subject: Re: [RFC][PATCH 1/6] prepare sysctls for containers
From: Dave Hansen <haveblue@us.ibm.com>
To: Chris Wright <chrisw@sous-sol.org>
Cc: linux-kernel@vger.kernel.org, serue@us.ibm.com, frankeh@watson.ibm.com,
       clg@fr.ibm.com, Herbert Poetzl <herbert@13thfloor.at>,
       Sam Vilain <sam@vilain.net>
In-Reply-To: <20060307010139.GF27645@sorel.sous-sol.org>
References: <20060306235248.20842700@localhost.localdomain>
	 <20060306235249.880CB28A@localhost.localdomain>
	 <20060307010139.GF27645@sorel.sous-sol.org>
Content-Type: text/plain
Date: Mon, 06 Mar 2006 18:04:11 -0800
Message-Id: <1141697051.9274.58.camel@localhost.localdomain>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 975
Lines: 21

On Mon, 2006-03-06 at 17:01 -0800, Chris Wright wrote:
> Interesting idea.  One piece that's missing is strategy for controlling
> creation the new context (assuming the data_access() will always evaluate
> into a context sensitive piece of data).  Otherwise a user can get out
> of the limits imposed by sysadmin (since they may have placed themselves
> in a context which differs from admin).

Yup, that is missing for now.  We couldn't agree on quite which
implementation we want for basic containers/vservers/vpses.  So, for
now, making it useful is left as an exercise to the reader. :)

BTW, the current code _is_ potentially context sensitive because
"current" provides much of the context that we will ever need.

-- Dave

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/