Subject: Re: chroot(2)
To: NetBSD Kernel Technical Discussion List <tech-kern@netbsd.org>
From: Greg A. Woods <woods@most.weird.com>
List: tech-kern
Date: 10/02/1998 01:36:34
[ On October 1, 1998 at 22:19:28 (-0700), Michael Graff wrote: ]
> Subject: Re: chroot(2)
>
> I'd also like to have user and group level access to TCP/UDP ports.
> That way, I can start up named in a chroot()ed directory, as a
> non-root user, and still have it open port 53 at will.

Couldn't we do this quite quickly by simply getting the portal
filesystem into shape (e.g. switch the order so for your example you'd
simply open "portalfs/udp/domain/*" to listen for UDP DNS queries on
port 53)?  Nothing new should be necessary to make this work in a
chroot() jail.

Then filesystem permissions could be used to implement user and group
level access controls on socket access offered by .  An as yet
un-available translucent filesystem layer could be used for persistent
storage of various attributes such as permissions and ownership.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
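[Editor's added illustration, not part of the message above and not NetBSD's
portal code.]  To make the proposal concrete, this is roughly what an open()
of a portal path laid out as "<proto>/<service>/<address>" (the order the
message suggests, with "udp/domain/*" meaning "listen on UDP port 53 on any
address") would have to do on the kernel/daemon side, plus the ordinary
file-permission check the message wants to reuse for access control.  The
function names, the path grammar and the two-entry service table used as a
fallback when /etc/services is unavailable are all assumptions of this
example; getservbyname(3) is the real lookup.  Binding port 53 still needs the
privilege the portal daemon would hold, so an unprivileged caller can only
exercise the bind step on a high or ephemeral port.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

struct portal_req {
    int type, proto;      /* SOCK_DGRAM/IPPROTO_UDP for "udp", SOCK_STREAM/IPPROTO_TCP for "tcp" */
    struct in_addr addr;  /* address to bind; INADDR_ANY for "*" */
    unsigned short port;  /* host byte order */
};

/* Service name or number to port, -1 if unknown.  getservbyname(3) is the
 * real lookup; the two-entry table is an assumed fallback for hosts without
 * /etc/services so the example stays self-contained. */
static int service_port(const char *name, const char *proto)
{
    static const struct { const char *name; int port; } fallback[] =
        { { "domain", 53 }, { "http", 80 } };
    struct servent *se;
    char *end;
    long p;
    size_t i;

    if (isdigit((unsigned char)name[0])) {
        p = strtol(name, &end, 10);
        return (*end == '\0' && p <= 65535) ? (int)p : -1;
    }
    if ((se = getservbyname(name, proto)) != NULL)
        return ntohs((unsigned short)se->s_port);
    for (i = 0; i < sizeof fallback / sizeof fallback[0]; i++)
        if (strcmp(fallback[i].name, name) == 0)
            return fallback[i].port;
    return -1;
}

/* Parse "<udp|tcp>/<service|port>/<address|*>"; 0 on success, -1 on a bad path. */
int portal_parse(const char *path, struct portal_req *req)
{
    char buf[128], *service, *address;
    int port;

    if (strlen(path) >= sizeof buf || (service = strchr(strcpy(buf, path), '/')) == NULL)
        return -1;
    *service++ = '\0';                       /* buf now holds the protocol name */
    if ((address = strchr(service, '/')) == NULL)
        return -1;
    *address++ = '\0';
    if (*service == '\0' || *address == '\0' || strchr(address, '/') != NULL)
        return -1;

    memset(req, 0, sizeof *req);
    if (strcmp(buf, "udp") == 0) {
        req->type = SOCK_DGRAM;  req->proto = IPPROTO_UDP;
    } else if (strcmp(buf, "tcp") == 0) {
        req->type = SOCK_STREAM; req->proto = IPPROTO_TCP;
    } else {
        return -1;
    }
    if ((port = service_port(service, buf)) < 0)
        return -1;
    req->port = (unsigned short)port;
    if (strcmp(address, "*") == 0)
        req->addr.s_addr = htonl(INADDR_ANY);
    else if (inet_aton(address, &req->addr) == 0)
        return -1;
    return 0;
}

/* The access control the proposal leaves to file permissions on the portal
 * node: would (uid, gid) be allowed a read open of a node with this owner,
 * group and mode?  Root is exempt, as with access(2). */
int portal_permitted(uid_t owner, gid_t group, mode_t mode, uid_t uid, gid_t gid)
{
    if (uid == 0)      return 1;
    if (uid == owner)  return (mode & S_IRUSR) != 0;
    if (gid == group)  return (mode & S_IRGRP) != 0;
    return (mode & S_IROTH) != 0;
}

/* Create the socket an open() of the path would hand back: bound, and
 * listening for tcp.  Returns the descriptor or -1 (e.g. EACCES on port 53
 * without privilege). */
int portal_listen(const struct portal_req *req)
{
    struct sockaddr_in sin;
    int fd, on = 1;

    if ((fd = socket(AF_INET, req->type, req->proto)) < 0)
        return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr = req->addr;
    sin.sin_port = htons(req->port);
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0 ||
        (req->type == SOCK_STREAM && listen(fd, 5) < 0)) {
        close(fd);
        return -1;
    }
    return fd;
}
```

The point the split makes visible: the parse and bind steps are trivial, and
the only part that needs privilege is the bind itself, which is exactly the
part the portal daemon would do on the jailed process's behalf after the
permission check on the node passes.  Note that portal_permitted() follows the
usual Unix rule that the owner class is decided by the owner bits alone, so a
node with mode 0040 denies its own owner even though its group could read it.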