Jailed sysvipc implementation.
Pawel Jakub Dawidek
nick at garage.freebsd.pl
Wed Jun 25 10:48:53 PDT 2003
On Wed, Jun 25, 2003 at 01:26:28PM -0400, Robert Watson wrote:
+> We have some initial patches that wrap the user ipcperm structure in a
+> kernel-specific structure, which we use to add a MAC label. It would be
+> easy to also add a prison pointer. We probably won't get to merging this
+> patch for a couple of weeks, but it's worth keeping in mind.
+>
+> http://www.watson.org/~robert/freebsd/mac_sysvipc.diff
+>
+> This needs style cleanup, bug fixing, testing, etc, but it's the direction
+> we're pushing in for MAC right now.
Hmm, I'm not sure if I understand patch well, but with this stuff we will
be able to run for example two postgresql servers in diffrent jails?
Or it only will provide denying specified requests?
--
Pawel Jakub Dawidek pawel at dawidek.net
UNIX Systems Programmer/Administrator http://garage.freebsd.pl
Am I Evil? Yes, I Am! http://cerber.sourceforge.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20030625/23726766/attachment.bin
More information about the freebsd-arch
mailing list