tech-kern archive


Addition to kauth(9) framework



I'd like to apply the attached patch.
It implements two things:

- A chroot(2)-ed process is given a new kauth_cred_t with a reference
  count equal to 1.
- A new id, KAUTH_CRED_CHROOT, is added to the kauth(9) credentials scope,
  which is used when chroot(2) or fchroot(2) is called.

These two things allow implementing things like the securechroot(9)
secmodel described here:

  http://mail-index.netbsd.org/tech-kern/2011/07/09/msg010903.html

After committing this patch I'll move the rest of securechroot(9)
to pkgsrc until it is ready to be integrated into the kernel.

Objections?

-- 
Best regards, Aleksey Cheusov.

