security_task_lookup plus bsdjail patches

From: Serge E. Hallyn (serue@private)
Date: Wed Sep 01 2004 - 14:06:28 PDT


Attached are a BSD Jail patch without the network device hooks :(, but using
the new security_task_lookup hook to hide /proc/<pid> as much as possible.
The network ioctl abuse was also removed, leaving a jail user with only
`cat /proc/$$/attr/current` to list the valid IP addresses.

Hopefully this will be going to LKML next.

Comments much appreciated.

thanks,
-serge






This archive was generated by hypermail 2.1.3 : Wed Sep 01 2004 - 14:09:10 PDT