New BSD Jail

From: Serge Hallyn (serue@private)
Date: Fri May 14 2004 - 13:57:10 PDT

Next message: gt@private: "gtsec LSM"

Previous message: IPSI conference: "Invitation to Montenegro and Sweden vip/bb"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This version does away with the /proc abuse, leaving only the ioctl
abuse to worry about.

Following advice by Brad Spender, it also places controls on inter-jail
usage of IPC and abstract unix domain sockets, and forbids
CAP_SYS_RAWIO.  

-- 
=======================================================
Serge Hallyn
Security Software Engineer, IBM Linux Technology Center
serue@private

text/x-c attachment: bsdjail.c__charset_UTF-8

Next message: gt@private: "gtsec LSM"
Previous message: IPSI conference: "Invitation to Montenegro and Sweden vip/bb"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri May 14 2004 - 13:58:27 PDT