OK, that could be useful, maybe. But don't the many flavors of LSM we've seen endlessly discussed solve the problem of what processes can do, and to whom? Containers to associate processes together to be managed as a group strategy (scheduling priority, permissions, etc.) makes sense to me, but doesn't seem to need pid hiding. Just making processes invisible to each other by pid seems a bit fishy as a security mechanism. It reminds me of using chroot for security, which seems to be in disrepute: http://kerneltrap.org/Linux/Abusing_chroot

Or is it more just lightweight virtualization?
Copyright © 2017, Eklektix, Inc.