On Tue, 2002-08-13 at 22:09, Colin Walters wrote:
> On Tue, 2002-08-13 at 17:48, Russell Coker wrote:
> > I have written SE Linux policy for administration of a chroot environment.
> > That allows me to give full root administration access (ability to
> > create/delete users, kill processes running under different UIDs, ptrace,
> > etc) to a chroot environment without giving any access to the rest of the
> > system.
>
> Since no one else has apparently said it explicitly yet, I have to say
> that's extremely cool :)

Argh. It's so cool that you essentially stole my summer research. :( Does this allow you to create any number of chroot jails? We are also working on making "virtual IPs" that each jail would get. We are also working on being able to move the processes while running (w/ network connections) from machine to machine w/o needing any state on the initial machine.