Attached is a new bsdjail.c for 2.6.3, which includes two new features:

 * If a private IP was specified for the jail, then cat /proc/net/dev
   shows no information, and /sbin/ifconfig -a will only show the info
   for the private network device. This is not so much meant to protect
   the rest of the system, as it is to be helpful to whoever is working
   within the jail.

 * Cat /proc/<pid>/attr/exec returns -EINVAL if the reading process is
   in a jail. Otherwise, it returns information about the root and ip
   for the target process, or "Not Jailed" if the target process is not
   jailed.

The implementation of the networking feature most certainly is ugly, and
I'm open to suggestions for "a better way"! Again, it's meant as a
convenience to those operating within the jail, who otherwise would have
to play some games to figure out which of the 10 aliases for eth0 is
actually theirs.

--
=======================================================
Serge Hallyn
Security Software Engineer, IBM Linux Technology Center
serue@private
This archive was generated by hypermail 2b30 : Fri Mar 05 2004 - 11:04:12 PST