From: Alan Cox <alan@lxorguk.ukuu.org.uk>
To: Serge Hallyn <serue@us.ibm.com>
Cc: Chris Wright <chrisw@osdl.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	akpm@osdl.org
Subject: Re: [PATCH] BSD Jail LSM (2/3)
Date: Fri, 10 Sep 2004 20:31:49 +0100
Message-ID: <1094844708.18107.5.camel@localhost.localdomain>
In-Reply-To: <1094847787.2188.101.camel@serge.austin.ibm.com>

On Fri, 2004-09-10 at 21:23, Serge Hallyn wrote:
> Attached is a patch against the security Kconfig and Makefile to support
> bsdjail, as well as the bsdjail.c file itself.  bsdjail offers
> functionality similar to (but more limited than) the vserver patch.

Looking over the code the first question I would ask is that it supports
AF_INET but not AF_INET6. That seems a bit limited in today's internet
environment.

> A process in a jail lives under a chroot which is not vulnerable to the
> well-known chdir(...)(etc)chroot(.) attack against normal chroots, and
> may be locked to one ip address.  For additional features, please see
> Documentation/bsdjail.txt, which is included in the next patch.

You can break out with someone co-operating from outside the jail but
that I guess is pretty harmless anyway. 

Alan
