Date: Wed, 25 Apr 2001 12:27:13 -0700 From: Alfred Perlstein <bright@wintelcom.net> To: Matt Dillon <dillon@earth.backplane.com> Cc: Poul-Henning Kamp <phk@critter.freebsd.dk>, hackers@FreeBSD.ORG Subject: Re: Idea for additional feature for jail - jailed security level Message-ID: <20010425122712.P1790@fw.wintelcom.net> In-Reply-To: <200104251923.f3PJNcD41451@earth.backplane.com>; from dillon@earth.backplane.com on Wed, Apr 25, 2001 at 12:23:38PM -0700 References: <74643.988226120@critter> <200104251923.f3PJNcD41451@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
* Matt Dillon <dillon@earth.backplane.com> [010425 12:24] wrote: > > But if we have the ability to run at a higher securelevel inside a jail > we can allow console-root logins to access the system at the global > securelevel of -1 yet force every single other login to the system and > *ALL* services to run inside a jail (chroot to "/" essentially) with > a higher securelevel. > > Enforcing the securelevel combined with the use of chflags inside > a prison, plus idea #2, gives us much more flexibility then the > hardwired restrictions jail() currently employs. That's a really cool idea, you should talk to Robert Watson who's working on "jailNG" though. -- -Alfred Perlstein - [alfred@freebsd.org] Instead of asking why a piece of software is using "1970s technology," start asking why software is ignoring 30 years of accumulated wisdom. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010425122712.P1790>