Posted Apr 14, 2011 1:29 UTC (Thu) by skissane (subscriber, #38675)
UID namespaces in Linux are only a single-level hierarchy, right? namespace.uid. My understanding was that VSTa provided a hierarchy of arbitrary depth. Also, you need special privilege to create a new namespace, right? I thought the idea with VSTa was that any process can create a sub-uid under its current uid, no special privilege required...
Qubes beta 1 released
Posted Apr 14, 2011 16:56 UTC (Thu) by elanthis (guest, #6227)
SELinux roles provide something similar, as well. Unfortunately, only if using SELinux.
I'd really, really, really like to see the core roles stuff enter the mainstream POSIX/Linux interface. Not the full domain management stuff of SELinux, but just enough to control file access and do PID checks to see which processes are running in which roles (while still allowing them to belong to a specific user).
You can _almost_ emulate roles using groups, newgrp, group passwords, and so on, except that a process can drop its groups.