Date: Thu, 9 Nov 2006 09:40:53 +0100 From: Patrick Proniewski <patpro@patpro.net> To: "mal content" <artifact.one@googlemail.com> Cc: freebsd-security@freebsd.org Subject: Re: Sandboxing Message-ID: <37D5C0BC-8103-4117-9FDC-35A074FAAEA4@patpro.net> In-Reply-To: <8e96a0b90611090017x5375ed18jf3748c685ce8d2a6@mail.gmail.com> References: <8e96a0b90611080439n558022edj79febf458494ef6e@mail.gmail.com> <8e96a0b90611080441t2b486637ya10acd5a1dd77690@mail.gmail.com> <44irhq6ngd.fsf@be-well.ilk.org> <20061108142306.GA64711@owl.midgard.homeip.net> <8e96a0b90611082359jbc85b37kad6109a0aa87598@mail.gmail.com> <Pine.NEB.4.64.0611090005540.15626@luke.xen.prgmr.com> <8e96a0b90611090017x5375ed18jf3748c685ce8d2a6@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 9 nov. 06, at 09:17, mal content wrote: >> man jail(8) > > A full jail is quite extreme, don't you think? Besides, it'd be > tricky to allow > a jailed program to write to ~/.mozilla and /tmp. a full jail is for beginners ;) You can jail a program with only minimum /dev/ and libs, like it was done with named before FreeBSD choose to chroot by default. Depending on what you want to jail, it can be more or less complicated. May be MAC and ACL is the way to go for you, I don't know. patpro
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?37D5C0BC-8103-4117-9FDC-35A074FAAEA4>