Hi,

> I was quite amazed about the smooth implementation of bsdjail lsm.

Why, thank you. It's always great to see variations on a theme. However, two responses:

> bugging but also takes quite some time for maintaining. Not to
> mention wasted disk space used by files all jails have in common
> (/[s]bin and /lib, at least).

This could also be gotten around using "mount --bind". This would be even more practical if per-mount readonly flags were implemented. (I thought there was a patch for 2.6.0, but it doesn't seem to be in 2.6.6).

In the source code, in gtsec_socket_unix_bind, you mention:

> /*
>  * Serge Hallyn has this in his bsdjail LSM.
>  * Why? A socket may certainly have a name. But what has this to do with
>  * being inside a jail or not ?
>
>  sunaddr = (struct sockaddr_un *)address;
>  if (sunaddr->sun_path[0] != 0)
>      return 0;
>  */

Linux actually provides two unix socket namespaces. The traditional pathname based sockets can be controlled using file system permissions. The abstract namespace is not tied to the filesystem. This type of socket is indicated by making the first character of the name '\0'. So '/dev/log' is tied to the file /dev/log, but '\0/dev/log' is in a completely different namespace and has nothing to do with the file /dev/log. (See net/unix/af_unix.c:unix_bind() for the details)

thanks,
-serge
This archive was generated by hypermail 2b30 : Sun May 16 2004 - 14:41:21 PDT