Re: very amazing, that bsdjail module

From: Serge Hallyn (serue@private)
Date: Wed Jan 28 2004 - 06:34:37 PST

Next message: Chris Wright: "Re: [PATCH][RFC] Security mount data & sb_copy_data hook."

Previous message: Michael Halcrow: "[PATCH] Seclvl and modules page"
In reply to: Sander: "very amazing, that bsdjail module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Just wanted to say that I'm very amazed by your bsdjail module. The
> december patch works just great and seems to give a very solid jail.
> Just found the january patch which I'll try later. Linux needs this
> patch.

Hi,

as you are testing the january jail patch, please let me know if you
find any usability shortcomings/missing features.  In particular, the
actual Jail in BSD mangles ioctl output so that an ifconfig in a jail
returns the jail's fake ip address.  The bsdjail LSM does not do that
yet.  I'm curious how important this is to potential bsdjail users,
since implementing this feature will be darned ugly.

thanks,
-serge

-- 
=======================================================
Serge Hallyn
Security Software Engineer, IBM Linux Technology Center
serue@private

Next message: Chris Wright: "Re: [PATCH][RFC] Security mount data & sb_copy_data hook."
Previous message: Michael Halcrow: "[PATCH] Seclvl and modules page"
In reply to: Sander: "very amazing, that bsdjail module"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 28 2004 - 06:34:02 PST