FS#13486 - Requesting support for smack, linux containers
Attached to Project:
Arch Linux
Opened by Shridhar Daithankar (ghodechhap) - Wednesday, 25 February 2009, 15:22 GMT
Last edited by Tobias Powalowski (tpowa) - Thursday, 26 March 2009, 20:42 GMT
Opened by Shridhar Daithankar (ghodechhap) - Wednesday, 25 February 2009, 15:22 GMT
Last edited by Tobias Powalowski (tpowa) - Thursday, 26 March 2009, 20:42 GMT
|
Details
Description:
Hello, Could we please enable following two features to the stock arch kernel - smack Smack is a security infrastructure that is part of linux kernel. It offers functionality similar to selinux but much simpler. Most importantly, even after enabling smack, the system remains functional. It does not require altering entire file system to be functional. It depends upon netlabel only. It can work correctly even as a module. links http://schaufler-ca.com/ http://www.mjmwired.net/kernel/Documentation/Smack.txt - linux containers linux containers offers enhanced lightweight containers similar to solaris zones. It is expected that all the functionality will be in the mainline kernel by 2.6.29. The overview document details the necessary kernel config options. Links: http://lxc.sourceforge.net/lxc.html Additional info: * package version(s) Kernel 2.6.29 * config and/or log files etc. None Steps to reproduce: N/A |
This task depends upon
Closed by Tobias Powalowski (tpowa)
Thursday, 26 March 2009, 20:42 GMT
Reason for closing: Won't implement
Thursday, 26 March 2009, 20:42 GMT
Reason for closing: Won't implement
this feature seems to be not well testing and of rarely usage. please disable it until we found a fix or the reason why iot breaks things:
see also
http://kerneltrap.org/mailarchive/linux-kernel/2008/10/26/3813264/thread
maybe building it as a module could be a solution. then i could blacklist it.