Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 22 Oct 1999 00:01:05 +0200
From:      Poul-Henning Kamp <phk@critter.freebsd.dk>
To:        Robert Watson <robert+freebsd@cyrus.watson.org>
Cc:        Dag-Erling Smorgrav <des@flood.ping.uio.no>, hackers@FreeBSD.ORG, security@FreeBSD.ORG
Subject:   Re: Finer-grained securelevel: proof of concept 
Message-ID:  <6076.940543265@critter.freebsd.dk>
In-Reply-To: Your message of "Thu, 21 Oct 1999 08:41:28 EDT." <Pine.BSF.3.96.991021083426.46884A-100000@fledge.watson.org> 

next in thread | previous in thread | raw e-mail | index | archive | help
In message <Pine.BSF.3.96.991021083426.46884A-100000@fledge.watson.org>, Robert
 Watson writes:
>On 21 Oct 1999, Dag-Erling Smorgrav wrote:
>
>> Patches are available from http://www.freebsd.org/~des/. This is
>> strictly proof-of-concept; the patches demonstrate that fine-grained
>> security knobs can be implemented with minimal code impact. No
>> documentation is provided, RTFS.
>
>Very clean, pretty, etc -- only one object: 

I have been talking to a lot of people over here, and one common
thing seems to be that they want to be able to set these things
differently on a "per jail" basis.

I actually think we should not get into the jail thing, but rather
make them inheritable like other credentials, so the structure
containing the stuff should hang of the proc structure, and hey
wait, we already have this "struct ucred" hanging there.

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
FreeBSD -- It will take a long time before progress goes too far!


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6076.940543265>