Subject: Re: extending chroot()
To: Andrew Brown <atatat@atatdot.net>
From: Niels Provos <provos@citi.umich.edu>
List: tech-security
Date: 01/23/2003 16:29:26

On Thu, Jan 16, 2003 at 04:41:51PM -0500, Andrew Brown wrote:
> systrace can implement access control on source/destination addresses,
> though i've not tried anything complex with it yet.

Systrace works just fine for that.  Every application that I run
on my laptop is systraced automatically, that is, every xterm runs
a systraced shell.

Things like browsers, media players, editors, etc... can be restricted
fairly simply.  This includes restricting to the network connections
that applications are allowed to make and so forth.

There are actually several people in Ann Arbor who run their laptops
completely systraced.

Niels.