Re: [redhat-lspp] Re: LSPP Development Telecon 06/19/2006 Minutes
- From: Joe Nall <joe nall com>
- To: "Eric W. Biederman" <ebiederm xmission com>
- Cc: redhat-lspp redhat com, Dave Hansen <haveblue us ibm com>, Andrey Savochkin <saw sw ru>, Ted <txtoth gmail com>, "Serge E. Hallyn" <serue us ibm com>, Daniel Lezcano <dlezcano fr ibm com>
- Subject: Re: [redhat-lspp] Re: LSPP Development Telecon 06/19/2006 Minutes
- Date: Thu, 22 Jun 2006 14:47:31 -0500
On Jun 21, 2006, at 10:19 PM, Eric W. Biederman wrote:
> I'm not certain what is meant by a polyinstantiated port, and until
> then I can't see if it helps.
Multiple instances of a daemon with different security contexts
listen on the same port on one IP address with no EADDRINUSE. Inbound
connections are matched to a listener by port, IP address and
security context.
Imagine an Apache installation where the document root, log and pid
files are in a polyinstantiated directory.
runcon -l unclassified -- apachectl start
runcon -l confidential -- apachectl start
runcon -l secret -- apachectl start
runcon -l unclassified -- curl http://localhost/
- shows you the unclassified home page
runcon -l secret -- curl http://localhost/
- shows you the secret home page
With polyinstantiated ports and directories, there is only one
http.conf. This is a beautiful thing in Trusted Solaris; you can run
a properly configured 'stupid daemon' at multiple levels and it just
works. Adding a new level is as simple as adding a new runcon to the
startup script. With a few levels this is not a big deal; with dozens
it is a very big deal.
joe
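The matching rule described in the mail above (a listener is keyed by IP address, port and security context, so EADDRINUSE only arises within one context, and an inbound connection is routed to the listener at its own level), as an added toy model. This is illustrative Python written for this archive page, not code from the mail, from Trusted Solaris, or from the Linux kernel; the `ListenerTable` class, the level names, and the replay of the three-level Apache scenario are all constructed for the example, and the way a connection acquires its level is assumed, not modelled.

```python
"""Toy model of polyinstantiated port matching (constructed illustration).

An ordinary socket table keys a listener by (address, port), so a second
bind of the same pair fails with EADDRINUSE. With a polyinstantiated port
the key also carries the security context of the binding process (here an
MLS sensitivity level), and an inbound connection is routed to the listener
whose address, port AND level all match. Not kernel or Trusted Solaris code.
"""
import errno
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int
    level: str  # security context of the daemon that called bind()


class ListenerTable:
    """In-memory stand-in for the kernel's table of listening sockets."""

    WILDCARD = "0.0.0.0"

    def __init__(self, polyinstantiated: bool) -> None:
        self.polyinstantiated = polyinstantiated
        self._listeners: Dict[Tuple, Listener] = {}

    def _key(self, addr: str, port: int, level: str) -> Tuple:
        # Only the polyinstantiated table makes the level part of the key.
        if self.polyinstantiated:
            return (addr, port, level)
        return (addr, port)

    def bind(self, addr: str, port: int, level: str) -> Listener:
        key = self._key(addr, port, level)
        if key in self._listeners:
            raise OSError(errno.EADDRINUSE, "Address already in use")
        listener = Listener(addr, port, level)
        self._listeners[key] = listener
        return listener

    def dispatch(self, dst_addr: str, dst_port: int, level: str) -> Optional[Listener]:
        """Pick the listener for an inbound connection, or None when nobody
        listens at that address/port/level (the connection is refused)."""
        # Exact address first, then the wildcard, as a normal lookup does.
        for addr in (dst_addr, self.WILDCARD):
            match = self._listeners.get(self._key(addr, dst_port, level))
            if match is not None:
                return match
        return None


def apache_scenario() -> Dict[str, Optional[Listener]]:
    """Constructed replay of the runcon example: three httpd instances at
    three levels bind port 80, then clients at various levels connect."""
    table = ListenerTable(polyinstantiated=True)
    for level in ("unclassified", "confidential", "secret"):
        table.bind(ListenerTable.WILDCARD, 80, level)  # no EADDRINUSE
    return {
        "unclassified": table.dispatch("127.0.0.1", 80, "unclassified"),
        "secret": table.dispatch("127.0.0.1", 80, "secret"),
        # No daemon was started at this level, so the connection is refused.
        "top_secret": table.dispatch("127.0.0.1", 80, "top_secret"),
    }


def classic_scenario() -> Dict[str, Optional[str]]:
    """Same binds against an ordinary (non-polyinstantiated) port table:
    the second bind fails, and the one surviving listener serves every
    level, which is exactly the cross-level mixing polyinstantiation avoids."""
    table = ListenerTable(polyinstantiated=False)
    table.bind(ListenerTable.WILDCARD, 80, "unclassified")
    second_bind = None
    try:
        table.bind(ListenerTable.WILDCARD, 80, "confidential")
    except OSError as exc:
        second_bind = errno.errorcode[exc.errno]  # "EADDRINUSE"
    served = table.dispatch("127.0.0.1", 80, "secret")
    return {
        "second_bind": second_bind,
        "secret_client_served_by": served.level if served else None,
    }


if __name__ == "__main__":
    print(apache_scenario())
    print(classic_scenario())
```

The point the two scenarios make side by side: with the level folded into the listener key, one unchanged configuration file yields one isolated instance per level and a client at a level with no daemon is simply refused; without it, the first daemon wins the port and then answers clients at every level.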