X-Git-Url: http://git.onelab.eu/?p=procprotect.git;a=blobdiff_plain;f=README;h=ce04a54a95f16bbd33927b6f2e6058d18c7d3024;hp=e69de29bb2d1d6434b8b29ae775ad8c2e48c5391;hb=HEAD;hpb=4cb97ee45625f49174f586628219d1ae04089b60 diff --git a/README b/README index e69de29..ce04a54 100644 --- a/README +++ b/README @@ -0,0 +1,7 @@ +This module enables you to protect entries in /proc from untrusted users running in LXC containers. To use it: +- Load the module +- Add /proc entries to the blacklist by running echo "path-to-proc-entry" > /proc/procprotect + +Caveats and todos: +- Only protects opens, not listings +- The ACL mechanism is currently very simple. Permission is denied to containers that have a non-root mount namespace. This will eventually be extended to cgroup-style ACLs.
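Review bot: The usage step `echo "path-to-proc-entry" > /proc/procprotect` does not say what form the path takes (absolute, beginning with /proc/, or relative to /proc), and "Load the module" names neither the module nor the command to load it. Please spell both out, and add how to list or remove blacklist entries, or state that this is not supported yet. In the caveats, "Only protects opens, not listings" deserves one more sentence saying that blacklisted entry names remain visible in directory listings from inside a container, so the blacklist should not be relied on to hide that an entry exists. The ACL caveat keys denial on a non-root mount namespace; it would help to state explicitly how a container that shares the host's mount namespace is treated, since an administrator reading this could otherwise assume every container is covered.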