[Devel] Re: [PATCH 0/9] namespaces: Introduction

Eric W. Biederman ebiederm at xmission.com
Mon May 22 09:54:11 PDT 2006


Yep.  I bungled my description pretty badly.

The key points.
-  Simply messing with pid == 1 is not enough, you need to filter
   which pids are accessible.
-  pid isolation by permission checks and pid isolation via
   pid visibility are competing implementations.
-  pid isolation by permission checks (except for the pid == 1 case)
   can currently be implemented with a security module.
   
Eric



