From owner-freebsd-hackers Thu Oct 21 15: 1:27 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from critter.freebsd.dk (picasso.transbay.net [209.133.53.6]) by hub.freebsd.org (Postfix) with ESMTP id EF10A15009; Thu, 21 Oct 1999 15:01:20 -0700 (PDT) (envelope-from phk@critter.freebsd.dk) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.9.3/8.9.2) with ESMTP id AAA06078; Fri, 22 Oct 1999 00:01:05 +0200 (CEST) (envelope-from phk@critter.freebsd.dk) To: Robert Watson Cc: Dag-Erling Smorgrav , hackers@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: Finer-grained securelevel: proof of concept In-reply-to: Your message of "Thu, 21 Oct 1999 08:41:28 EDT." Date: Fri, 22 Oct 1999 00:01:05 +0200 Message-ID: <6076.940543265@critter.freebsd.dk> From: Poul-Henning Kamp Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message , Robert Watson writes: >On 21 Oct 1999, Dag-Erling Smorgrav wrote: > >> Patches are available from http://www.freebsd.org/~des/. This is >> strictly proof-of-concept; the patches demonstrate that fine-grained >> security knobs can be implemented with minimal code impact. No >> documentation is provided, RTFS. > >Very clean, pretty, etc -- only one object: I have been talking to a lot of people over here, and one common thing seems to be that they want to be able to set these things differently on a "per jail" basis. I actually think we should not get into the jail thing, but rather make them inheritable like other credentials, so the structure containing the stuff should hang of the proc structure, and hey wait, we already have this "struct ucred" hanging there. -- Poul-Henning Kamp FreeBSD coreteam member phk@FreeBSD.ORG "Real hackers run -current on their laptop." FreeBSD -- It will take a long time before progress goes too far! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message