> Instead, another possibility is the use of SELinux - I say that because > Antoine Martin some time ago has written a SELinux policy and possibly he's > going to share that, on request, after some tidyup (that's possibly needed). I intend to publish my policy files with some help and explanation soon. The main difficulty is in allowing the system management and startup scripts to mount/unmount, chroot and modify the setup: intrinsically this is going to be tightly linked to the host's setup. Actually containing a running guest instance is relatively easy, only the networking restrictions require tweaks - as they depend on the host's setup.
Antoine ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ User-mode-linux-user mailing list User-mode-linux-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user
