security_task_lookup plus bsdjail patches

From: Serge E. Hallyn (serue@private)
Date: Wed Sep 01 2004 - 14:06:28 PDT

Previous message: Stephen Smalley: "Re: Mediating send_sigurg"
Next in thread: Thomas Bleher: "Re: security_task_lookup plus bsdjail patches"
Reply: Thomas Bleher: "Re: security_task_lookup plus bsdjail patches"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Attached are a BSD Jail patch without the network device hooks :(, but using
the new security_task_lookup hook to hide /proc/<pid> as much as possible.
The network ioctl abuse was also removed, leaving a jail user with only
`cat /proc/$$/attr/current` to list the valid IP addresses.

Hopefully this will be going to LKML next.

Comments much appreciated.

thanks,
-serge

text/plain attachment: tasklookup-sep04.diff

text/plain attachment: jail-sep04.diff

Previous message: Stephen Smalley: "Re: Mediating send_sigurg"
Next in thread: Thomas Bleher: "Re: security_task_lookup plus bsdjail patches"
Reply: Thomas Bleher: "Re: security_task_lookup plus bsdjail patches"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Wed Sep 01 2004 - 14:09:10 PDT