Re: Re: Debian BSD.. cool idea
On Mon, Jan 31, 2000 at 11:10:10PM -0500, Raul Miller wrote:
> You mean this thing?
> $ apt-cache search jail
> jail - Just Another ICMP Logger
No, he means jail the syscall and the program- much like chroot
except even root in a jailed enviorment can't get out of it, in any way.
And you can therefore limit the functionality of the machine, because
you need to have a non-jailed root user make the devices inside the
> > Things like 'ps' and 'top' use BSD-specific methods since the POSIX
> > committee in all their wisdom decided against specifying a way to
> > introspect the system. So you'd need these too.
> It's not so pleasant if independent versions of such things have to be
> resupplied for every kernel. Do they?
No. But the libraries that they depend on aren't usually updated when
the kernel is.
> Might be worth writing a /proc/ emulator then...
> But yeah, that's work.
There is one, but it is still weak AFAIK and could use a lot of work.