From: Pawel Jakub Dawidek
Date: Sat, 14 May 2011 17:02:03 +0000 (UTC)
To: cvs-src-old@freebsd.org
Subject: cvs commit: src/sbin/hastctl hastctl.c src/sbin/hastd primary.c secondary.c subr.c subr.h
Message-Id: <201105141702.p4EH2DsC080372@repoman.freebsd.org>
X-FreeBSD-CVS-Branch: HEAD
List-Id: **OBSOLETE** CVS commit messages for the src tree

pjd         2011-05-14 17:02:03 UTC

  FreeBSD src repository

  Modified files:
    sbin/hastctl         hastctl.c
    sbin/hastd           primary.c secondary.c subr.c subr.h
  Log:
  SVN rev 221899 on 2011-05-14 17:02:03Z by pjd

  Currently we are unable to use capsicum for the primary worker process,
  because we need to do ioctl(2)s, which are not permitted in capability
  mode.

  What we do now is chroot(2) to /var/empty, which restricts access to the
  file system name space, and drop privileges to the hast user and hast
  group. This still allows access to other name spaces, like the list of
  processes, network and sysvipc.

  To address that, use jail(2) instead of chroot(2). Using jail(2) will
  restrict access to the process table, network (we use ip-less jails) and
  sysvipc (if security.jail.sysvipc_allowed is turned off).

  This provides much better separation.

  MFC after:	1 week

  Revision  Changes    Path
  1.13      +1 -1      src/sbin/hastctl/hastctl.c
  1.72      +1 -1      src/sbin/hastd/primary.c
  1.39      +1 -1      src/sbin/hastd/secondary.c
  1.10      +40 -18    src/sbin/hastd/subr.c
  1.6       +1 -1      src/sbin/hastd/subr.h
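The jail(2)-based privilege drop the commit describes, as an added example that is not hastd's code (hastd's own version lives in sbin/hastd/subr.c, which this commit changes but does not quote). /var/empty, the hast user and the security.jail.sysvipc_allowed sysctl come from the commit message; the function names sandbox_enter, sysvipc_blocked, drop_to and priv_dropped and the jail name "hastd-example" are hypothetical. jail(2) and sysctlbyname(3) exist only on FreeBSD, so those steps report ENOSYS elsewhere and the uid/gid steps and the post-drop check still build and run.

```c
/*
 * Added example, not hastd's code: enter an IP-less jail(2) rooted at
 * /var/empty, shed root to an unprivileged user, then verify the drop.
 * sandbox_enter(), sysvipc_blocked(), drop_to(), priv_dropped() and the
 * jail name are hypothetical names chosen for this example.
 * jail(2)/sysctlbyname(3) are FreeBSD-only; elsewhere they report ENOSYS.
 */
#include <sys/types.h>
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/param.h>
#include <sys/jail.h>
#include <sys/sysctl.h>
#endif

#define SANDBOX_DIR "/var/empty"	/* directory hastd already chroots to */

/*
 * Create a jail with no IPv4/IPv6 addresses and attach to it.  jail(2)
 * creates, attaches and chroots in one step, so on success this process
 * no longer sees the host process table or network.  Like chroot(2) it
 * needs root, hence it runs before drop_to().  Returns jid or -1/errno.
 */
static int
sandbox_enter(const char *name)
{
#ifdef __FreeBSD__
	struct jail j;

	memset(&j, 0, sizeof(j));	/* ip4/ip6 pointers stay NULL */
	j.version = JAIL_API_VERSION;
	j.path = __DECONST(char *, SANDBOX_DIR);
	j.hostname = __DECONST(char *, name);
	j.jailname = __DECONST(char *, name);
	j.ip4s = 0;			/* "ip-less": no addresses at all */
	j.ip6s = 0;
	return (jail(&j));
#else
	(void)name;
	errno = ENOSYS;			/* jail(2) exists only on FreeBSD */
	return (-1);
#endif
}

/* 1 if jails are denied SysV IPC (sysvipc_allowed == 0), 0 if not, -1 unknown. */
static int
sysvipc_blocked(void)
{
#ifdef __FreeBSD__
	int allowed;
	size_t len = sizeof(allowed);

	if (sysctlbyname("security.jail.sysvipc_allowed", &allowed, &len,
	    NULL, 0) == -1)
		return (-1);
	return (allowed == 0);
#else
	return (-1);
#endif
}

/* Shed root: supplementary groups first, then gid, then uid. */
static int
drop_to(const struct passwd *pw)
{
	if (setgroups(1, &pw->pw_gid) == -1 || setgid(pw->pw_gid) == -1 ||
	    setuid(pw->pw_uid) == -1)
		return (-1);
	return (0);
}

/*
 * 1 when real and effective ids equal the target and, for a non-root
 * target, uid 0 cannot be regained (catches a seteuid-only "drop").
 */
static int
priv_dropped(uid_t uid, gid_t gid)
{
	if (getuid() != uid || geteuid() != uid)
		return (0);
	if (getgid() != gid || getegid() != gid)
		return (0);
	if (uid != 0 && setuid(0) == 0)
		return (0);
	return (1);
}

int
main(int argc, char **argv)
{
	const char *user = argc > 1 ? argv[1] : "hast";
	struct passwd *pw = getpwnam(user);
	int jid;

	if (pw == NULL) {
		fprintf(stderr, "unknown user %s\n", user);
		return (1);
	}
	if (sysvipc_blocked() == 0)
		fprintf(stderr, "warning: security.jail.sysvipc_allowed=1, "
		    "the jail will not hide SysV IPC\n");
	if ((jid = sandbox_enter("hastd-example")) == -1) {
		fprintf(stderr, "jail(2): %s\n", strerror(errno));
		return (1);
	}
	if (drop_to(pw) == -1 || !priv_dropped(pw->pw_uid, pw->pw_gid)) {
		fprintf(stderr, "privilege drop failed for %s\n", user);
		return (1);
	}
	printf("jid %d, now running as %s\n", jid, user);
	return (0);
}
```

Run as root on a FreeBSD host with a hast user (`./a.out hast`); the order matters, since jail(2) and the uid/gid change both require root, and the final priv_dropped() check is what tells you the drop was real rather than an effective-id change that setuid(0) could undo.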