[PATCH] syscall number for vserver
Vserver is a patch that implements BSD jail style virtual host semantics inside Linux, where every process not only runs in its own namespace (it reuses the chroot code for that, should switch to CLONE_NEWNS for 2.6), but also its own hostname and IP address as well as its own view of /proc. Because of that added functionality, it needs more than what is available in the LSM framework (which can only allow/deny permissions, not alter return values).

The source code has been running stable for the last few years and is in use at quite a few service providers. The Fedora project also wants to use vserver for their build system.

However, vserver for 2.4 just tacks their syscalls onto the end of the syscall table and the userland tools find those "dynamic numbers" somehow ... EWWWW. For 2.6 I'd like to do things right.

At the moment the vserver patch has sys_new_s_context and sys_set_ipv4root calls, but since we'll probably end up getting an ipv6 call too and people are planning future functionality, I guess it would be more appropriate to multiplex these through one sys_vserver patch, in the same way sys_ipc works.

For your reference, you can find more information about vserver on these pages:

http://www.13thfloor.at/VServer/
http://www.solucorp.qc.ca/miscprj/s_context.hc

I estimate the project has about a dozen developers now. We are planning on making the implementation for 2.6 fairly lightweight, reusing infrastructure from other code where possible and only doing things through sys_vserver where there is no other way.

This small change just adds sys_vserver to the syscall table.