Re: very amazing, that bsdjail module

From: Serge Hallyn (serue@private)
Date: Wed Jan 28 2004 - 06:34:37 PST

  • Next message: Chris Wright: "Re: [PATCH][RFC] Security mount data & sb_copy_data hook."

    > Just wanted to say that I'm very amazed by your bsdjail module. The
    > december patch works just great and seems to give a very solid jail.
    > Just found the january patch which I'll try later. Linux needs this
    > patch.
    as you are testing the january jail patch, please let me know if you
    find any usability shortcomings/missing features.  In particular, the
    actual Jail in BSD mangles ioctl output so that an ifconfig in a jail
    returns the jail's fake ip address.  The bsdjail LSM does not do that
    yet.  I'm curious how important this is to potential bsdjail users,
    since implementing this feature will be darned ugly.
    Serge Hallyn
    Security Software Engineer, IBM Linux Technology Center

    This archive was generated by hypermail 2b30 : Wed Jan 28 2004 - 06:34:02 PST