grsecurity forums

I have several servers run freebsd and several server run debian linux with grsec pached,and I wanna change all my freebsd server to debian with grsec,but the fbsd's jail function is really nice then the chroot function in linux.

there's a patch under 2.6 kenerl can almost do the same thing like bsdjail

but the grsec do not support 2.6 kernel, can grsec team add the bsdjail

function in to grsec,no mater kernel 2.4 or 2.6

http://mail.wirex.com/pipermail/linux-s ... rset_UTF-8

btw:rsbac have this function,but the rsbac's really complex
http://www.rsbac.org/models.htm#jail

grsec is my best favorate!

I hope grsec would become perfect

thx in advanced!

perlish wrote:but the grsec do not support 2.6 kernel, can grsec team add the bsdjail function in to grsec,no mater kernel 2.4 or 2.6

what are the grsec chroot restrictions + ACLs missing that you need?

thx for ur reply

I need chroot several daemon in a jail

the chroot() can olny put one daemon in a jail,if some daemons work dependent each other,the chroot() can not make it

but the jail() in bsd system can put all things including all daemons in a same jail except kernel,it's more powerful than chroot()

I thought many friends need this function in linux

if grsec can do this, it must be the most perfect security kernel patch in the world!!! I hope this day will come one day

good idea man

any people who ported from bsd to linux hope grsecurity can make a bsdjail