Re: Addition to kauth(9) framework

To: cheusov%tut.by@localhost
Subject: Re: Addition to kauth(9) framework
From: yamt%mwd.biglobe.ne.jp@localhost (YAMAMOTO Takashi)
Date: Mon, 29 Aug 2011 00:32:59 +0000 (UTC)

hi,

> I'd like to apply the attached patch.
> It implements two things:
> 
> - chroot(2)-ed process is given new kauth_cred_t with reference count
>   equal to 1.

can you find a way to avoid this?

YAMAMOTO Takashi

> - New id KAUTH_CRED_CHROOT is added to kauth(9) credentials scope
>   which is used when chroot(2) or fchroot(2) is called.
> 
> This two things allows to implement things like securechroot(9) secmodel
> described here
> 
>   http://mail-index.netbsd.org/tech-kern/2011/07/09/msg010903.html
> 
> After commiting this patch I'll move the rest of securechroot(9)
> to pkgsrc until it is ready to be integrated into the kernel.
> 
> Objections?
> 
> -- 
> Best regards, Aleksey Cheusov.

Follow-Ups:
- Re: Addition to kauth(9) framework
  - From: Christos Zoulas

References:
- Addition to kauth(9) framework
  - From: Aleksey Cheusov

Prev by Date: Re: KAUTH_PROCESS_SCHEDULER_*AFFINITY restricted to root in default secmodel?
Next by Date: Re: netbsd-5 deadlocks when memory is low
Previous by Thread: Re: Addition to kauth(9) framework
Next by Thread: Re: Addition to kauth(9) framework
Indexes:

Home | Main Index | Thread Index | Old Index