Re: RFC: New security model secmodel_securechroot(9)

To: Aleksey Cheusov <cheusov%tut.by@localhost>
Subject: Re: RFC: New security model secmodel_securechroot(9)
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Sat, 9 Jul 2011 14:08:58 -0400

On Sat, Jul 09, 2011 at 12:03:50PM +0300, Aleksey Cheusov wrote:
> Hello.
> 
> I've implemented new security model based on kauth(9) framework,
> secmodel_securechroot(9).  Its purpose is to completely isolate
> chrooted processes from the host system, that is to prevent all destructive
> changes by chrooted processes even if they are run under root privileges
> and to prevent access to processes outside the chroot.

I like this.

However, I'd like to see a different system call used to enter the chroot
in this case, so that it's possible to have a normal, less-restricted
chroot at the same time.

Thor

Follow-Ups:
- Re: RFC: New security model secmodel_securechroot(9)
  - From: Jean-Yves Migeon

References:
- RFC: New security model secmodel_securechroot(9)
  - From: Aleksey Cheusov

Prev by Date: Re: RFC: New security model secmodel_securechroot(9)
Next by Date: Re: RFC: New security model secmodel_securechroot(9)
Previous by Thread: Re: RFC: New security model secmodel_securechroot(9)
Next by Thread: Re: RFC: New security model secmodel_securechroot(9)
Indexes:

Home | Main Index | Thread Index | Old Index