Re: Jailed sysvipc implementation.
From: Pawel Jakub Dawidek (nick_at_garage.freebsd.pl)
Date: 06/25/03
- Previous message: Robert Watson: "Re: Jailed sysvipc implementation."
- In reply to: Robert Watson: "Re: Jailed sysvipc implementation."
- Next in thread: Max Khon: "Re: Jailed sysvipc implementation."
- Reply: Max Khon: "Re: Jailed sysvipc implementation."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 25 Jun 2003 19:52:25 +0200 To: Robert Watson <rwatson@freebsd.org>
On Wed, Jun 25, 2003 at 01:26:28PM -0400, Robert Watson wrote:
+> We have some initial patches that wrap the user ipcperm structure in a
+> kernel-specific structure, which we use to add a MAC label. It would be
+> easy to also add a prison pointer. We probably won't get to merging this
+> patch for a couple of weeks, but it's worth keeping in mind.
+>
+> http://www.watson.org/~robert/freebsd/mac_sysvipc.diff
+>
+> This needs style cleanup, bug fixing, testing, etc, but it's the direction
+> we're pushing in for MAC right now.
Hmm, I'm not sure if I understand patch well, but with this stuff we will
be able to run for example two postgresql servers in diffrent jails?
Or it only will provide denying specified requests?
-- Pawel Jakub Dawidek pawel@dawidek.net UNIX Systems Programmer/Administrator http://garage.freebsd.pl Am I Evil? Yes, I Am! http://cerber.sourceforge.net
- application/pgp-signature attachment: stored
- Previous message: Robert Watson: "Re: Jailed sysvipc implementation."
- In reply to: Robert Watson: "Re: Jailed sysvipc implementation."
- Next in thread: Max Khon: "Re: Jailed sysvipc implementation."
- Reply: Max Khon: "Re: Jailed sysvipc implementation."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
