[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: RFC: New security model secmodel_securechroot(9)
On Sat, Jul 09, 2011 at 12:03:50PM +0300, Aleksey Cheusov wrote:
> I've implemented new security model based on kauth(9) framework,
> secmodel_securechroot(9). Its purpose is to completely isolate
> chrooted processes from the host system, that is to prevent all destructive
> changes by chrooted processes even if they are run under root privileges
> and to prevent access to processes outside the chroot.
I like this.
However, I'd like to see a different system call used to enter the chroot
in this case, so that it's possible to have a normal, less-restricted
chroot at the same time.
Main Index |
Thread Index |