* Shaya Potter (spotter@cs.columbia.edu) wrote:
> Wow, this is what I need. Would there be any interest in having this
> syscall in Linux, as I need to design something like this anyways for
> the research we are doing.
>
> A first stab implementation would probably be as a module (as our
> research is based on a being usable just as a loadable module, w/o any
> direct kernel patch need, therefore until something is accepted into the
> kernel, we would need it like this), but we'd prefer it, and it
> definitely would be cleaner to have the jail tests integrated into the
> syscall and not wrapped by the module.
You could implement this policy in a security module.
http://lsm.immunix.org.
I don't believe you can do all of jail() with just capabilities, and as
a module it can always be extended.
thanks,
-chris
-- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Jul 15 2002 - 22:00:21 EST