Hi all
I have some kernel experience .
done a project on virtualization called System Virtualizations
i don't whether i should be writing this mail on this list or not but still i give it a shot .
Can some one plz let me some idea which i could work on .
to write some module or something .
would really appreciate it .
This is what i have done
PROJECT DEFINITION
To design and implement a framework which by which we can run multiple virtual systems on a single LINUX operating system. Each virtual system has its own packages, its own services, its own users and is confined to using some IP numbers only and some area(s) of the file system. You can think of them as virtual machines. This is done by
1. Grouping process into independent execution environment, which provides a strong partitioning solution, leveraging existing mechanisms
2. Restriction on ROOT user privilege inside independent execution environment
OBJECTIVE:
The implementation relies on restricting access within the independent execution environment which will be a well-defined subset of the overall host environment.
1. ISOLATED PROCESS GROUPS
It is basis of our independent execution environment. consequently the administrator of a Linux machine can partition the machine into separate execution environment and provide access to the super-user account in each of these without losing control of the over-all environment.
2. RESTRICTION ON FILESYSTEM
To implement various chrooted filesystem in providing independent execution environment .Each process group will have their own chrooted environment. We take advantage of the existing chrooted behavior to limit access to the file system and removing vulnerabilities of existing chrooted filesystems like No possible breakout from chrooted environment
3. PRIVATE /PROC FILESYSTEM
Virtualized subsystem command to achieve independent environment like (ps, hostname, uname ?r, free ?). Each group has its own /proc filesystem which give information regarding process in current execution environment
4. PRIVATE IP ADDRESS
Each partition is bound to a single IP address: processes within the partition may not make use of any other IP address for outgoing or incoming connections
5. NO IPC BETWEEN DIFFERENT IEE (independent execution environment)
No inter process communication of any type can occur between different IEE?s. We put restriction on IPC using shared memory and named pipes (FIFO).
6. NO INJECTION OF CODE IN KERNEL AT RUNTIME.
We restrict the use of /dev/kmem file to inject code into the running kernel to get the undue super user privilege outside the IEE?s.
i know this a long mail but plz take some time out a give it a reading .
i want to continue working on the kernel ...
i am currently working in the storage domain ... but not in the kernel hence kindly help .....
thanks in advance
