Hi,
This patch makes it possible to run vservers in xen (i386).
There might be security, meltdown and KillAndEatMyDog problems.
It compiles (for me) and I can run vserver start ...
Description:
Add syscall 273: sys_vserver
Include vserver Kconfig
Regards,
Kristian.
Begin xen-vserver.patch
diff -NurpP --minimal arch/xen/i386/kernel/entry.S
arch/xen/i386/kernel/entry.S
--- arch/xen/i386/kernel/entry.S 2004-11-17 23:51:47.000000000 +0100
+++ arch/xen/i386/kernel/entry.S 2004-11-20 16:46:07.000000000 +0100
@@ -1004,7 +1004,7 @@ ENTRY(sys_call_table)
.long sys_tgkill /* 270 */
.long sys_utimes
.long sys_fadvise64_64
- .long sys_ni_syscall /* sys_vserver */
+ .long sys_vserver
.long sys_mbind
.long sys_get_mempolicy
.long sys_set_mempolicy
diff -NurpP --minimal arch/xen/Kconfig arch/xen/Kconfig
--- arch/xen/Kconfig 2004-11-17 23:51:41.000000000 +0100
+++ arch/xen/Kconfig 2004-11-20 16:43:24.000000000 +0100
@@ -159,6 +159,8 @@ source "arch/xen/Kconfig.drivers"
source "fs/Kconfig"
+source "kernel/vserver/Kconfig"
+
source "security/Kconfig"
source "crypto/Kconfig"
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel
On Tue, 22 Feb 2005, "Kristian F. Høgh" wrote:> It compiles (for me) and I can run vserver start ...> - .long sys_ni_syscall /* sys_vserver */ > + .long sys_vserverBut it only compiles for you because you have the vserver patch applied. A system without the vserver patch would not have a sys_vserver function in the kernel, so this would go wrong. -- "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." - Brian W. Kernighan
* Rik van Riel (riel@redhat.com) wrote:> On Tue, 22 Feb 2005, "Kristian F. Høgh" wrote: > > > It compiles (for me) and I can run vserver start ... > > > - .long sys_ni_syscall /* sys_vserver */ > > + .long sys_vserver > > But it only compiles for you because you have the vserver > patch applied. A system without the vserver patch would > not have a sys_vserver function in the kernel, so this > would go wrong.Hehe, it should be fine...maybe you forgot you committed that change to mainline ;-)) D 1.69 03/10/01 06:53:17-07:00 riel@surriel.com[torvalds] 98 97 1/0/883 P arch/i386/kernel/entry.S C syscall number for vserver cheers, -chris ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_ide95&alloc_id396&op=click _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel
On Wed, 23 Feb 2005, Chris Wright wrote:> > > - .long sys_ni_syscall /* sys_vserver */ > > > + .long sys_vserver> Hehe, it should be fine...maybe you forgot you committed that change to > mainline ;-)) > > D 1.69 03/10/01 06:53:17-07:00 riel@surriel.com[torvalds] 98 97 1/0/883 > P arch/i386/kernel/entry.S > C syscall number for vserverThe line I added was the one with the - in front of it: $ grep vserver arch/i386/kernel/entry.S .long sys_ni_syscall /* sys_vserver */ -- "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." - Brian W. Kernighan ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel
* Rik van Riel (riel@redhat.com) wrote:> The line I added was the one with the - in front of it: > > $ grep vserver arch/i386/kernel/entry.S > .long sys_ni_syscall /* sys_vserver */Sorry Rik, I completely misread your mail, thought it said the patch wouldn''t apply unless the vserver patch hadn''t already been applied. cheers, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel