ADded a readme

author Sapan Bhatia <gwsapan@gmail.com>

Tue, 24 Apr 2012 06:53:14 +0000 (02:53 -0400)

committer Sapan Bhatia <gwsapan@gmail.com>

Tue, 24 Apr 2012 06:53:14 +0000 (02:53 -0400)
author Sapan Bhatia <gwsapan@gmail.com>
Tue, 24 Apr 2012 06:53:14 +0000 (02:53 -0400)
committer Sapan Bhatia <gwsapan@gmail.com>
Tue, 24 Apr 2012 06:53:14 +0000 (02:53 -0400)
diff --git a/README b/README

index e69de29..ce04a54 100644 (file)
--- a/README
+++ b/README
@@ -0,0 +1,7 @@
+This module enables you to protect entries in /proc from untrusted users running in LXC containers. To use it:
+- Load the module
+- Add /proc entries to the blacklist by running echo "path-to-proc-entry" > /proc/procprotect
+
+Caveats and todos:
+- Only protects opens, not listings
+- The ACL mechanism is currently very simple. Permission is denied to containers that have a non-root mount namespace. This will eventually be extended to cgroup-style ACLs.
author	Sapan Bhatia <gwsapan@gmail.com>
	Tue, 24 Apr 2012 06:53:14 +0000 (02:53 -0400)
committer	Sapan Bhatia <gwsapan@gmail.com>
	Tue, 24 Apr 2012 06:53:14 +0000 (02:53 -0400)