On Wed, 8 Oct 2003 14:14:05 -0500, Enrico Scholz wrote
> [EMAIL PROTECTED] (Jacques Gelinas) writes:
>
> > new_s_context
> >
> > The system call has been changed completely. You can
> > select several security contexts (up to 16). And root in
> > a security context is allowed to shuffle in the security
> > contexts already assigned.
>
> Wouldn't hierarchical vservers be a better and more general
> solution? E.g.
>
> * add parent_ctx field to 'struct context_info'
> * check if current-ctx is a parent-ctx when trying to enter an
>   existing context (go back the parent_ctx fields)

This is an option, but we have to limit the amount of security contexts a vserver is allowed to create. Having to select from an allocated pool seems to solve the issue.

> * remove the supervisor-ctx-1 concept; every ctx can see the
>   processes of its child-contexts

No, this is dangerous. Currently a root server can't clearly differentiate its own stuff from all vservers. So we need this. Using killall is handy and it would become a nightmare.

---------------------------------------------------------
Jacques Gelinas <[EMAIL PROTECTED]>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc
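
The parent_ctx walk proposed in the quoted mail, combined with the creation limit raised in the reply, as an added sketch that is not code from the vserver patch or from either author. The reduced `struct context_info`, the table, `ctx_create`, `ctx_may_enter` and the constants are hypothetical, and charging the limit to the top-level context is an assumption.

```c
#define MAX_CTX   64    /* table size (assumption) */
#define MAX_DEPTH 8     /* deepest nesting allowed (assumption) */
#define CTX_QUOTA 16    /* contexts per top-level vserver; 16 mirrors the mail's pool size */
#define NO_PARENT (-1)

/* Reduced, hypothetical stand-in for the 'struct context_info' named in the thread. */
struct context_info {
    int in_use;
    int parent_ctx;     /* the field proposed in the mail */
    int root_ctx;       /* top-level ancestor that is charged for creations */
    int depth;          /* 0 for a top-level context */
    int created;        /* descendants created so far (meaningful on the root) */
};

static struct context_info ctx_table[MAX_CTX];

static int ctx_valid(int id)
{
    return id >= 0 && id < MAX_CTX && ctx_table[id].in_use;
}

/* Create a context below 'parent' (NO_PARENT = top level). Returns id or -1. */
int ctx_create(int parent)
{
    int root = NO_PARENT, depth = 0;
    if (parent != NO_PARENT) {
        if (!ctx_valid(parent)) return -1;
        root = ctx_table[parent].root_ctx;
        depth = ctx_table[parent].depth + 1;
        /* Refuse runaway nesting and charge the whole subtree to one quota. */
        if (depth > MAX_DEPTH || ctx_table[root].created >= CTX_QUOTA) return -1;
    }
    for (int id = 0; id < MAX_CTX; id++) {
        if (ctx_table[id].in_use) continue;
        ctx_table[id] = (struct context_info){ 1, parent, root == NO_PARENT ? id : root, depth, 0 };
        if (root != NO_PARENT) ctx_table[root].created++;
        return id;
    }
    return -1;  /* table full */
}

/* 1 if 'current' is 'target' or one of its ancestors, else 0 (fail closed). */
int ctx_may_enter(int current, int target)
{
    if (!ctx_valid(current)) return 0;
    /* Walk back the parent_ctx fields; the hop bound stops a corrupted chain. */
    for (int id = target, hops = 0; ctx_valid(id) && hops <= MAX_DEPTH; hops++) {
        if (id == current) return 1;
        id = ctx_table[id].parent_ctx;
    }
    return 0;
}
```

Counting creations on the top-level context rather than on the direct parent keeps a nested context from multiplying the limit by creating children of its own.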
