Linux Secure Virtual Hosting Extension

Linux Secure Virtual Hosting Extension

[About Linux Secure Virtual Hosting Extension]
(japanese version)

"Linux Secure Virtual Hosting Extension" is a linux kernel appended new functionality mandatory access control. This kernel enables construct multiple compartments (we called it virtual host environemnt) on a real host. Suppose using this mechanism, evil processes or reckless processes in a compartment cannot infulence to any processes in the other compartment.

[Features]

Achieve low overhead (1 or 2 %)for providing virtual host environment
- Less overhead than Virtual Machine or OS Emulator
- Single OS (cannot run multile OSes).
Enables reservations of CPU time (%) and physical memory (MB) to each virtual host environment.
- Avoid stopping a host when overloaded or under DoS attack
Unnecessary modifying applications.
- Existing binaries can be run on the kernel.
- Exception) Application which accesses raw device (game etc..)

[History]

2002.11.12 linux-svh-1.0.0-alpha is released to internal use only
2003.02.25 linux-svh-1.0.0-RC1 (for linux-2.2.20) is released.
2003.04.30 linux-svh-1.0.1-RC1 (for linux-2.2.20) is released.

[Document]

README (japanese) (english)
INSTALL (japanese) (english)
HOWTO(japanese) (english)
API
- jail(2) (japanese) (english)
- crow_create_reserve(2) (japanese) (english)
Technologies (japanese) (english)

[Download]

Caution: This software is experimental and developing software, so please don't try using it unless you are helping us to develop it. THIS SOFTWARE IS PROVIDED "AS IS" WITH NO WARRANTIES OF ANY KIND INCLUDING THE WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.

kernel patch linux-svh-1.0.1-rc1.patch.gz (based on 2.2.25)
kernel module + utility program util-linux-svh-1.0-rc1.tar.gz

[TODO]

Limitation of number of processes for each virtual host environment
Limitation of number of file discriptors for each virtual host environment
fine grain file access control for each virtual host environment

[Bug report]

If you find any bugs, please send a bug report to yasunori@furuta.com

When you inforn me a bug, please tell me details.

Hardware spec.
Distribution
Build environment(version of gcc, binutils, ...)
Configuration of OS (especially about network)
Configuration of linux-svh
Application and its configuration
Sequence of reproduction of the trouble
etc...

[Developers]

YASUDA Yasunori ( yasunori@furuta.com )
KAJIHARA Masao ( kajimasa@hotmail.com )