TOMOYO

Fork

[tomoyo-dev-en 65] Re: UUID: Simple process isolation module

Tetsuo Handa from-****@I-lov*****
Fri Dec 24 11:09:52 JST 2010

• Previous message: [tomoyo-dev-en 64] Re: UUID: Simple process isolation module
• Next message: [tomoyo-dev-en 66] Re: UUID: Simple process isolation module
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

After testing uuid module on libvirtd , it turned out that automatically
assigning unique id1 does not work, for libvirtd might be restarted without
restarting qemu-kvm .

If qemu-kvm was started by libvirtd with id1 = 1, that qemu-kvm has id1 = 1.
When libvirtd get restarted, libvirtd will get id1 = 2. In that case, libvirtd
can't communicate with already running qemu-kvm because qemu-kvm has id1 = 1.

Therefore, libvirtd needs to explicitly tell uuid module which id to assign.
Thus, I modified uuid module to use uuid. (Saved as uuid2.c in revision 118.)
Usage has changed. There is /proc/uuid interface that assigns uuid for current
thread. For example, doing

  echo hello > /proc/uuid

 from term1 and doing

  echo world > /proc/uuid

 from term2 makes term1 and term2 mutually isolated.

I'm planning to add open()/execute() restrictions to this module but not
yet implemented.

• Previous message: [tomoyo-dev-en 64] Re: UUID: Simple process isolation module
• Next message: [tomoyo-dev-en 66] Re: UUID: Simple process isolation module
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]