NetBSD-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Mult and process isolation (kauth perhaps?)
On Thu, Oct 21, 2010 at 09:22:52PM +0100, Thomas Adam wrote:
> Hi all,
>
> So I've been curious for a while now about whether it's feasible or even
> desirable to have some form of native jail implementation in NetBSD. Then I
> realised that I'd seen a video a few years ago about process isolation and
> something called Mult [1] -- but unfortunately that seems more or less
> shelved (and given that it's been two years since anyway, that code, even if
> it were available might be subject to huge bit-rot anyway.)
It is just my personal opinion that it's most desirable to
have in NetBSD a capabilities framework such as Capsicum
<http://www.cl.cam.ac.uk/research/security/capsicum/>, which need not be
and should not be implemented in terms of kauth.
See the discussion at
<http://mail-index.netbsd.org/tech-kern/2010/09/24/msg008874.html>.
Dave
--
David Young OJC Technologies
dyoung%ojctech.com@localhost Urbana, IL * (217) 278-3933
Home |
Main Index |
Thread Index |
Old Index