tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Addition to kauth(9) framework


> I'd like to apply the attached patch.
> It implements two things:
> - chroot(2)-ed process is given new kauth_cred_t with reference count
>   equal to 1.

can you find a way to avoid this?


> - New id KAUTH_CRED_CHROOT is added to kauth(9) credentials scope
>   which is used when chroot(2) or fchroot(2) is called.
> This two things allows to implement things like securechroot(9) secmodel
> described here
> After commiting this patch I'll move the rest of securechroot(9)
> to pkgsrc until it is ready to be integrated into the kernel.
> Objections?
> -- 
> Best regards, Aleksey Cheusov.

Home | Main Index | Thread Index | Old Index