Date:      Sat, 14 May 2011 17:02:03 +0000 (UTC)
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        cvs-src-old@freebsd.org
Subject:   cvs commit: src/sbin/hastctl hastctl.c src/sbin/hastd primary.c secondary.c subr.c subr.h
Message-ID:  <201105141702.p4EH2DsC080372@repoman.freebsd.org>

pjd         2011-05-14 17:02:03 UTC

  FreeBSD src repository

  Modified files:
    sbin/hastctl         hastctl.c 
    sbin/hastd           primary.c secondary.c subr.c subr.h 
  Log:
  SVN rev 221899 on 2011-05-14 17:02:03Z by pjd
  
  Currently we are unable to use capsicum for the primary worker process,
  because we need to do ioctl(2)s, which are not permitted in capability
  mode. What we do now is chroot(2) to /var/empty, which restricts access
  to the file system name space, and we drop privileges to the hast user and
  hast group.
  
  This still allows access to other name spaces, like the list of processes,
  network and sysvipc.
  
  To address that, use jail(2) instead of chroot(2). Using jail(2) will restrict
  access to the process table, network (we use ip-less jails) and sysvipc (if
  security.jail.sysvipc_allowed is turned off). This provides much better
  separation.
  
  MFC after:      1 week
  
  Revision  Changes    Path
  1.13      +1 -1      src/sbin/hastctl/hastctl.c
  1.72      +1 -1      src/sbin/hastd/primary.c
  1.39      +1 -1      src/sbin/hastd/secondary.c
  1.10      +40 -18    src/sbin/hastd/subr.c
  1.6       +1 -1      src/sbin/hastd/subr.h



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201105141702.p4EH2DsC080372>