Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932437AbWC1WG4 (ORCPT ); Tue, 28 Mar 2006 17:06:56 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S932439AbWC1WG4 (ORCPT ); Tue, 28 Mar 2006 17:06:56 -0500 Received: from ebiederm.dsl.xmission.com ([166.70.28.69]:55966 "EHLO ebiederm.dsl.xmission.com") by vger.kernel.org with ESMTP id S932437AbWC1WGz (ORCPT ); Tue, 28 Mar 2006 17:06:55 -0500 To: Herbert Poetzl Cc: haveblue@us.ibm.com, Kirill Korotaev , linux-kernel@vger.kernel.org, devel@openvz.org, serue@us.ibm.com, akpm@osdl.org, sam@vilain.net, Alexey Kuznetsov , Pavel Emelianov , Stanislav Protassov Subject: Re: [RFC] Virtualization steps References: <44242A3F.1010307@sw.ru> <20060324211917.GB22308@MAIL.13thfloor.at> From: ebiederm@xmission.com (Eric W. Biederman) Date: Tue, 28 Mar 2006 14:58:23 -0700 In-Reply-To: <20060324211917.GB22308@MAIL.13thfloor.at> (Herbert Poetzl's message of "Fri, 24 Mar 2006 22:19:17 +0100") Message-ID: User-Agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.4 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 798 Lines: 21 Herbert Poetzl writes: >> - network virtualization > > here I see many issues, as for example Linux-VServer > does not necessarily aim for full virtualization, when > simple and performant isolation is sufficient. The current technique employed by vserver is implementable in a security module today. We are implementing each of these pieces as a separate namespace. So actually using any one of them is optional. So implementing your current method of network isolation in a security module should be straight forward. Eric - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/