Date: Wed, 25 Apr 2001 12:33:05 -0700 (PDT) From: Matt Dillon <dillon@earth.backplane.com> To: Alfred Perlstein <bright@wintelcom.net> Cc: Poul-Henning Kamp <phk@critter.freebsd.dk>, hackers@FreeBSD.ORG Subject: Re: Idea for additional feature for jail - jailed security level Message-ID: <200104251933.f3PJX5D41622@earth.backplane.com> References: <74643.988226120@critter> <200104251923.f3PJNcD41451@earth.backplane.com> <20010425122712.P1790@fw.wintelcom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Another cool feature, which would be harder to implement, would be to have a secondary path for jail which specifies the path under which filesystem modifications can be made (create files, edit files, etc...), and outside of which only read access is permitted. This way you could create a jail with "/" as the chroot yet which still severely restricts the types of filesystem modifications that may be employed outside of some other directory. With a feature like that it would be fairly easy to run apache inside a jailed environment without having to spend a lot of effort creating the environment. -Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200104251933.f3PJX5D41622>