Jailed sysvipc implementation.

Pawel Jakub Dawidek nick at garage.freebsd.pl
Wed Jun 25 10:48:53 PDT 2003


On Wed, Jun 25, 2003 at 01:26:28PM -0400, Robert Watson wrote:
+> We have some initial patches that wrap the user ipcperm structure in a
+> kernel-specific structure, which we use to add a MAC label.  It would be
+> easy to also add a prison pointer.  We probably won't get to merging this
+> patch for a couple of weeks, but it's worth keeping in mind. 
+> 
+>   http://www.watson.org/~robert/freebsd/mac_sysvipc.diff
+> 
+> This needs style cleanup, bug fixing, testing, etc, but it's the direction
+> we're pushing in for MAC right now.

Hmm, I'm not sure if I understand patch well, but with this stuff we will
be able to run for example two postgresql servers in diffrent jails?
Or it only will provide denying specified requests?

-- 
Pawel Jakub Dawidek                       pawel at dawidek.net
UNIX Systems Programmer/Administrator     http://garage.freebsd.pl
Am I Evil? Yes, I Am!                     http://cerber.sourceforge.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20030625/23726766/attachment.bin


More information about the freebsd-arch mailing list