From owner-freebsd-current  Wed Jan 27 11:47:14 1999
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA00717
          for freebsd-current-outgoing; Wed, 27 Jan 1999 11:47:14 -0800 (PST)
          (envelope-from owner-freebsd-current@FreeBSD.ORG)
Received: from roma.coe.ufrj.br (roma.coe.ufrj.br [146.164.53.65])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA00689;
          Wed, 27 Jan 1999 11:47:02 -0800 (PST)
          (envelope-from jonny@jonny.eng.br)
Received: (from jonny@localhost)
	by roma.coe.ufrj.br (8.8.8/8.8.8) id RAA28507;
	Wed, 27 Jan 1999 17:46:45 -0200 (EDT)
	(envelope-from jonny)
From: Joao Carlos Mendes Luis <jonny@jonny.eng.br>
Message-Id: <199901271946.RAA28507@roma.coe.ufrj.br>
Subject: Re: "JAIL" code headed for -current.
In-Reply-To: <29763.917434096@critter.freebsd.dk> from Poul-Henning Kamp at "Jan 27, 1999 11:48:16 am"
To: phk@FreeBSD.ORG (Poul-Henning Kamp)
Date: Wed, 27 Jan 1999 17:46:45 -0200 (EDT)
Cc: current@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL43 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

#define quoting(Poul-Henning Kamp)
// I'm polishing up the "JAIL" code I wrote and readying it for -current.
// 
// This code provides an optional strenthening of the chroot() jail
// as we know it, and will provide safe sandboxes for most practical
// uses.
// 
// The biggest impact of this is a new argument to the suser() call
// all over the kernel:
// 
// 	suser(NOJAIL, bla, bla);
// or
// 	suser(0, bla, bla);
// 
// The NOJAIL option means that a jailed root fails the test.

Do you have a list of which tests will receive this option ?

// I will add this extra arg to suser() in the first commit.
// 
// Each Jail can optionally be assigned one IP number, which they
// have access to.  All connections to and from that jail will
// use that IP#.

This looks interesting.  How would you specify the IP to use ?

					Jonny

--
Joao Carlos Mendes Luis            M.Sc. Student
jonny@jonny.eng.br                 Universidade Federal do Rio de Janeiro
"This .sig is not meant to be politically correct."

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message