Updated BSD Jail LSM patch

From: Serue Hallyen (serue@private)
Date: Thu Jan 08 2004 - 14:58:42 PST

  • Next message: Petr Baudis: "Re: Updated BSD Secure Levels Patch"

    Attached is a new BSD Jail patch.  This version abuses /proc so as to
    prevent jailed processes from seeing other processes which are not in
    the same jail.  So long as proc is mounted under /newimage/proc, a
    process jailed under /newimage which does 'ps -auxw' will see only other
    processes under the same jail.
    I've started to also hack /proc/net/dev so as to only show the network
    device which a jailed process is authorized to use.  However, I probably
    won't be able to finish that very soon, and this extensions seems worth
    sending out now.
    Any comments are as always appreciated.

    This archive was generated by hypermail 2b30 : Thu Jan 08 2004 - 14:58:52 PST