Re: jail() system call (was Re: prevent breaking a chroot() jail?)

Chris Wright (chris@wirex.com)
Thu, 11 Jul 2002 16:56:36 -0700


* Shaya Potter (spotter@cs.columbia.edu) wrote:
> Wow, this is what I need. Would there be any interest in having this
> syscall in Linux, as I need to design something like this anyways for
> the research we are doing.
>
> A first stab implementation would probably be as a module (as our
> research is based on being usable just as a loadable module, w/o any
> direct kernel patch need, therefore until something is accepted into the
> kernel, we would need it like this), but we'd prefer it, and it
> definitely would be cleaner to have the jail tests integrated into the
> syscall and not wrapped by the module.

You could implement this policy in a security module.
http://lsm.immunix.org.

I don't believe you can do all of jail() with just capabilities, and as
a module it can always be extended.

thanks,
-chris

-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net