Subject: Re: oooh! neat new toy!!!
To: None <tech-security@netbsd.org>
From: Emre Yildirim <emre@uab.edu>
List: tech-security
Date: 06/01/2002 02:16:32
This seems indeed very useful for system administrators.  I would mainly use
it to control shell behavior (especially controlling exec/fork) on systems
where I have users that I can't 100% trust.  Even though I try to keep those
to a minimum, I still have some systems where users try to mess around and
crash the box.  So far, process limiting and very restrictive shells have
temporarily solved that issue, but breaking out of restricted shells is
still possible.  This is pretty handy....  Has anyone tried to get it to
work with NetBSD yet?

Niels Provos said:

> Currently, I am running screen, shells, irc and mail clients on
> monkey.  All of them constrained by systrace policies. So do hundreds
> of other users.  I think that you are more sceptical than is
> warranted.
>
> On my local desktop, all third-party software is constrained by
> systrace, e.g. opera or gaim.  You just start systrace on an xterm, and
> any application that you start from it is automatically sandboxed. This
> includes network applications, etc.
>
> The intrusion detection capability of systrace is only a small part of
> the whole picture.  The interactive policy generation leads to many
> novel uses, among them intrusion detection and remote monitoring of
> system daemons.