Date: Wed, 27 Jan 1999 11:48:16 +0100 From: Poul-Henning Kamp <phk@FreeBSD.ORG> To: current@FreeBSD.ORG Subject: "JAIL" code headed for -current. Message-ID: <29763.917434096@critter.freebsd.dk>
next in thread | raw e-mail | index | archive | help
I'm polishing up the "JAIL" code I wrote and readying it for -current. This code provides an optional strenthening of the chroot() jail as we know it, and will provide safe sandboxes for most practical uses. The biggest impact of this is a new argument to the suser() call all over the kernel: suser(NOJAIL, bla, bla); or suser(0, bla, bla); The NOJAIL option means that a jailed root fails the test. I will add this extra arg to suser() in the first commit. Each Jail can optionally be assigned one IP number, which they have access to. All connections to and from that jail will use that IP#. If there is interest, this code will be merged to 3.1 as well. This work was sponsored by: www.servetheweb.com -- Poul-Henning Kamp FreeBSD coreteam member phk@FreeBSD.ORG "Real hackers run -current on their laptop." FreeBSD -- It will take a long time before progress goes too far! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?29763.917434096>