Hi,

> I'm really interested in resurrecting this project, or perhaps something
> like it. I've been wanting to dig deeper into some of the internals of
> NetBSD for a while now anyway, and a project such as this might just give me
> the excuse I've been looking for. :)

That was what I was wishing for quite a time now and planned to do it myself, but I don't have the time.

> However -- in my somewhat limited knowledge of NetBSD internals, I realised
> that rather than have something separate such as Mult, it might just as
> easily be worthwhile hooking this into the kauth subsystem directly? What
> would others think? Ultimately, I have the following questions (not in any
> order per se):
>
> 1. Is this feature something NetBSD would appreciate? (Hello, NFI. ;))
> 2. If this email is not on the right list, kindly forward it to the
>    relevant one, and let me know which list I ought to be subscribed to.
>    :)
> 3. If someone could point me to any relevant people for contact on this,
>    and/or relevant documentation, that too would be appreciated.

1. I think the project appreciates every work that is done, especially if it is that useful.

2. Perhaps the tech-*-lists would be good as you have to jail a system in nearly every subsystem. For generic questions this list is good, for more technical you could have a look at tech-kern.

3. This is rather difficult... There was a project presented by Christoph Badura in 2008 called 'gaols' on a *BSDCon (Asia?). He did exactly what you wanted to do, implement jails in kauth. You can get the link for that here:
   http://www.feyrer.de/NetBSD/bx/blosxom.cgi/nb_20080409_0000.html
   But he ran into some problems and limits of kauth where kauth does not provide what you need.

> I am just not sure where best to start, and hoping I can find someone with
> enough interest in this feature who knows enough about the NetBSD internals
> to shove me in the right direction -- if that's via an individual rather
> than a mailing list, kindly forward this email on to them, and let me know,
> so as not to waste anyone's time.

I don't know if there is a single person who has the time to give you single lessons... But a project like this would have a big scope anyway, so reading books should be better in this case. Imho, you need a very deep knowledge of the system to implement this and consider all the security risks which are not covered by kauth. Anyway, for the beginning just implementing a jail in the kauth-scope, so using all the hooks you can, would imho be still nice. The best way to start reading are imho the kauth- and sysctl-manpages.

> Thanks all for your time, and hopefully I've initially sent this to the right
> list first of all.

As this is a more generic question, I think this list should be right.

Regards,
Julian