Attached is a new BSD Jail patch. This version abuses /proc so as to prevent jailed processes from seeing other processes which are not in the same jail. So long as proc is mounted under /newimage/proc, a process jailed under /newimage which does 'ps -auxw' will see only other processes under the same jail.

I've started to also hack /proc/net/dev so as to only show the network device which a jailed process is authorized to use. However, I probably won't be able to finish that very soon, and this extension seems worth sending out now.

Any comments are, as always, appreciated.

thanks,
-serge
This archive was generated by hypermail 2b30 : Thu Jan 08 2004 - 14:58:52 PST