Date: Wed, 27 Jan 1999 09:34:51 -0800 (PST) From: Jaye Mathisen <mrcpu@internetcds.com> To: Poul-Henning Kamp <phk@FreeBSD.ORG> Cc: current@FreeBSD.ORG Subject: Re: "JAIL" code headed for -current. Message-ID: <Pine.NEB.3.95.990127093443.27570o-100000@schizo.cdsnet.net> In-Reply-To: <29763.917434096@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Consider this interest. On Wed, 27 Jan 1999, Poul-Henning Kamp wrote: > > I'm polishing up the "JAIL" code I wrote and readying it for -current. > > This code provides an optional strenthening of the chroot() jail > as we know it, and will provide safe sandboxes for most practical > uses. > > The biggest impact of this is a new argument to the suser() call > all over the kernel: > > suser(NOJAIL, bla, bla); > or > suser(0, bla, bla); > > The NOJAIL option means that a jailed root fails the test. > > I will add this extra arg to suser() in the first commit. > > Each Jail can optionally be assigned one IP number, which they > have access to. All connections to and from that jail will > use that IP#. > > If there is interest, this code will be merged to 3.1 as well. > > This work was sponsored by: www.servetheweb.com > > -- > Poul-Henning Kamp FreeBSD coreteam member > phk@FreeBSD.ORG "Real hackers run -current on their laptop." > FreeBSD -- It will take a long time before progress goes too far! > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-current" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.95.990127093443.27570o-100000>