[feature request]bsdjail

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

[feature request]bsdjail

Postby perlish » Sat Feb 21, 2004 1:56 am

I have several servers run freebsd and several server run debian linux with grsec pached,and I wanna change all my freebsd server to debian with grsec,but the fbsd's jail function is really nice then the chroot function in linux.

there's a patch under 2.6 kenerl can almost do the same thing like bsdjail

but the grsec do not support 2.6 kernel, can grsec team add the bsdjail

function in to grsec,no mater kernel 2.4 or 2.6

http://mail.wirex.com/pipermail/linux-s ... rset_UTF-8

btw:rsbac have this function,but the rsbac's really complex
http://www.rsbac.org/models.htm#jail

grsec is my best favorate!

I hope grsec would become perfect

thx in advanced!
perlish
 
Posts: 42
Joined: Sun Jan 11, 2004 10:42 pm

Re: [feature request]bsdjail

Postby PaX Team » Sat Feb 21, 2004 6:49 am

perlish wrote:but the grsec do not support 2.6 kernel, can grsec team add the bsdjail function in to grsec,no mater kernel 2.4 or 2.6
what are the grsec chroot restrictions + ACLs missing that you need?
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Postby perlish » Sat Feb 21, 2004 10:21 pm

thx for ur reply :)

I need chroot several daemon in a jail

the chroot() can olny put one daemon in a jail,if some daemons work dependent each other,the chroot() can not make it

but the jail() in bsd system can put all things including all daemons in a same jail except kernel,it's more powerful than chroot()

I thought many friends need this function in linux :)

if grsec can do this, it must be the most perfect security kernel patch in the world!!! I hope this day will come one day :)
perlish
 
Posts: 42
Joined: Sun Jan 11, 2004 10:42 pm

Postby magicq » Sun Feb 22, 2004 10:05 am

good idea man

any people who ported from bsd to linux hope grsecurity can make a bsdjail
magicq
 
Posts: 5
Joined: Sun Feb 22, 2004 9:59 am


Return to grsecurity support

cron