From owner-freebsd-security Tue Jan 2 15:41:43 2001 From owner-freebsd-security@FreeBSD.ORG Tue Jan 2 15:41:42 2001 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mail1.javanet.com (mail1.javanet.com [205.219.162.10]) by hub.freebsd.org (Postfix) with ESMTP id A456137B400 for ; Tue, 2 Jan 2001 15:41:41 -0800 (PST) Received: from wintermute.sekt7.org (146-115-75-83.c6-0.brl-ubr1.sbo-brl.ma.cable.rcn.com [146.115.75.83]) by mail1.javanet.com (8.9.3/8.9.2) with ESMTP id SAA18139 for ; Tue, 2 Jan 2001 18:41:41 -0500 (EST) Date: Tue, 2 Jan 2001 18:45:09 -0500 (EST) From: Evan S X-Sender: kaworu@wintermute.sekt7 To: freebsd-security@freebsd.org Subject: Few questions about Jail Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hey, I run a project called Openroot. Basically, Openroot is a computer on my network where I give root access to anyone. Openroot is run inside of a Jail. It has been running for four weeks, without much problems. Although, I am looking to make some modifications to Jail, and I was wondering if someone could point me where to start. (I've already looked at jail.c, and .h) I want the Jail to be able to have a different secure level than the host machine, therefore, I can eliminate the problem of users typing 'chflags schg _filename_' on Openroot, preventing the restore script to work. In order to avoid this, Openroot runs in Securelevel 0, which I do not like, because I'd like to be able to chflags schg login.conf in the Jail's etc directory, to enter a process, memory, and cpu usage limit to prevent fork bombs and such.. Thanks a lot, Evan Sarmiento (kaworu@sektor7.ath.cx) http://sekt7.org/es/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message