tech-kern archive


Re: RFC: New security model secmodel_securechroot(9)



On Sat, Jul 09, 2011 at 12:03:50PM +0300, Aleksey Cheusov wrote:
> Hello.
> 
> I've implemented a new security model based on the kauth(9) framework,
> secmodel_securechroot(9).  Its purpose is to completely isolate
> chrooted processes from the host system, that is to prevent all destructive
> changes by chrooted processes even if they are run under root privileges
> and to prevent access to processes outside the chroot.

I like this.

However, I'd like to see a different system call used to enter the chroot
in this case, so that it's possible to have a normal, less-restricted
chroot at the same time.

Thor

