Quoting Serge E. Hallyn ([EMAIL PROTECTED]) >Quoting Joshua Hudson ([EMAIL PROTECTED]): > Why would you want a virtual network device implementation? The whole > >So that a jailed process can use the net but can't use your network >address (intercept ssh, imap/stunnel, etc).
[snip] >But in the end vserver with read-only bind mounts seems a better way to >go imo. Latest version of linux vserver source: 100K bzipped Latest version of linux-jail: 34K uncompressed To build a virtual network device requires code for the device, code for routing the device in the kernel, some way to tell the router that this machine is hosted through the host machine's ethernet card, and control of which processes use which network devices. Way too much work for something intended to be simple and have essentially no overhead. All this work only gets jailed processes the ability to use 127.0.0.1. The rest I can already do with eth0:1 and the specs for jail(2) from BSD. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
