Re: Addition to kauth(9) framework

To: tech-kern%netbsd.org@localhost
Subject: Re: Addition to kauth(9) framework
From: Aleksey Cheusov <cheusov%tut.by@localhost>
Date: Fri, 13 Jan 2012 14:09:43 +0300

Hello. Discussion ended months ago but it's still unclear for me can I
commit the proposed addition to kauth(9). I asked my sponsors but they
recomended
me to ask in mailing list. So, I'm here again.

I'm not pushing securechroot module to the base system. Instead I'll
continue its development in pkgsrc, so it will be available for users,
but I think the proposed addon for kauth(9) would be valuable feature
for NetBSD-6 coming soon.

On Sat, Aug 27, 2011 at 8:51 PM, Aleksey Cheusov <cheusov%tut.by@localhost> 
wrote:
> I'd like to apply the attached patch.
> It implements two things:
>
> - chroot(2)-ed process is given new kauth_cred_t with reference count
>  equal to 1.
> - New id KAUTH_CRED_CHROOT is added to kauth(9) credentials scope
>  which is used when chroot(2) or fchroot(2) is called.
>
> This two things allows to implement things like securechroot(9) secmodel
> described here
>
>  http://mail-index.netbsd.org/tech-kern/2011/07/09/msg010903.html
>
> After commiting this patch I'll move the rest of securechroot(9)
> to pkgsrc until it is ready to be integrated into the kernel.
>
> Objections?
>
> --
> Best regards, Aleksey Cheusov.

References:
- Addition to kauth(9) framework
  - From: Aleksey Cheusov

Prev by Date: kernel crash at ibm x3850
Next by Date: Re: kernel crash at ibm x3850
Previous by Thread: re: Addition to kauth(9) framework
Next by Thread: netbsd-5 deadlocks when memory is low
Indexes:

Home | Main Index | Thread Index | Old Index