tech-kern archive


Re: RFC: New security model secmodel_securechroot(9)

On Nov 29,  7:06am, Joerg Sonnenberger wrote:
} On Sat, Jul 09, 2011 at 12:03:50PM +0300, Aleksey Cheusov wrote:
} >      The securechroot security model is intended to protect the system
} >      against destructive modifications by chroot-ed processes.  If
} >      enabled, secmodel_securechroot applies the following restrictions
} >      to chroot-ed processes.
} >      ·   Module requests are not allowed.
} Does this include automatic loading of modules as side effect of actions
} or not?

     This should be fine.  When autoloading, it will only use the
system path and doesn't follow chroot.

} >      ·   Firewall-related operations such as modification of packet
} >          filtering rules or modification of NAT rules are not allowed.
} Table manipulation is a valid use case of a chroot, especially a
} restricted chroot. Consider FTP proxies as example.

     Manipulating global state is a pretty major exception considering
the rest of the stuff here.  If you want that, then don't use this

}-- End of excerpt from Joerg Sonnenberger
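The discussion above is about how a security model that only constrains chroot-ed processes fits alongside the kernel's default decisions, and about the distinction between an explicit module request and a kernel-initiated autoload. The following C program is an added illustration written for this archive page; it is not code from the RFC, from secmodel_securechroot, or from the NetBSD kernel. It models the kauth(9)-style tri-state (allow / deny / defer) with hypothetical action names (`ACT_MODULE_LOAD`, `ACT_MODULE_AUTOLOAD`, `ACT_PF_RULES`, `ACT_PF_NAT`), a stand-in superuser listener, and the combination rule that any deny is final, one allow suffices, and all-defer fails closed. The autoload case defers rather than denies, following the reply that autoload resolves modules against the system path and does not follow the chroot.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Tri-state result, mirroring the kauth(9) listener contract: a listener
 * may ALLOW, DENY, or DEFER to the other registered listeners. */
enum result { RESULT_DEFER = 0, RESULT_ALLOW, RESULT_DENY };

/* Hypothetical action identifiers for this illustration; they are not
 * the kauth(9) scope/action constants used by the NetBSD kernel. */
enum action {
    ACT_MODULE_LOAD,     /* explicit module load requested by a process */
    ACT_MODULE_AUTOLOAD, /* kernel-initiated autoload as a side effect */
    ACT_PF_RULES,        /* modify packet filtering rules */
    ACT_PF_NAT,          /* modify NAT rules */
    ACT_FILE_READ        /* an ordinary action this model does not cover */
};

struct request {
    bool chrooted;   /* the requesting process has a changed root directory */
    bool superuser;  /* effective uid 0 */
    enum action act;
};

typedef enum result (*listener_fn)(const struct request *);

/* The securechroot listener: it only ever speaks for chroot-ed processes. */
static enum result securechroot_listener(const struct request *r)
{
    if (!r->chrooted)
        return RESULT_DEFER;
    switch (r->act) {
    case ACT_MODULE_LOAD:
    case ACT_PF_RULES:
    case ACT_PF_NAT:
        return RESULT_DENY;
    case ACT_MODULE_AUTOLOAD:
        /* Autoload resolves the module against the system path, not the
         * chroot, so the chroot cannot supply a module of its own. */
        return RESULT_DEFER;
    default:
        return RESULT_DEFER;
    }
}

/* A stand-in for the default superuser model: root may do anything. */
static enum result suser_listener(const struct request *r)
{
    return r->superuser ? RESULT_ALLOW : RESULT_DEFER;
}

/* kauth-style combination: any DENY is final, otherwise one ALLOW suffices,
 * and if every listener defers the request fails closed. */
enum result authorize(const struct request *r)
{
    static const listener_fn listeners[] = { securechroot_listener, suser_listener };
    bool allowed = false;
    for (size_t i = 0; i < sizeof listeners / sizeof listeners[0]; i++) {
        enum result res = listeners[i](r);
        if (res == RESULT_DENY)
            return RESULT_DENY;
        if (res == RESULT_ALLOW)
            allowed = true;
    }
    return allowed ? RESULT_ALLOW : RESULT_DENY;
}

int main(void)
{
    /* Constructed requests covering the cases raised in the thread. */
    const struct request cases[] = {
        { true,  true,  ACT_MODULE_LOAD },     /* root inside chroot: denied */
        { true,  true,  ACT_MODULE_AUTOLOAD }, /* autoload side effect: allowed */
        { true,  true,  ACT_PF_NAT },          /* chroot-ed FTP proxy editing NAT: denied */
        { false, true,  ACT_PF_NAT },          /* same action outside the chroot: allowed */
        { true,  false, ACT_FILE_READ },       /* nobody allows it: fails closed */
    };
    static const char *const names[] = { "DEFER", "ALLOW", "DENY" };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("case %zu -> %s\n", i, names[authorize(&cases[i])]);
    return 0;
}
```

The third case is the one Joerg objects to: a chroot-ed FTP proxy that needs to edit NAT rules is refused by the securechroot listener even though the superuser listener would allow it, because in the kauth combination a single deny cannot be overridden by an allow. Whether that is acceptable is exactly the policy question the thread is arguing about; the mechanism itself has no middle ground.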
