Re: Re: Debian BSD.. cool idea
- To: Raul Miller <moth@debian.org>
- Cc: debian-bsd@lists.debian.org
- Subject: Re: Re: Debian BSD.. cool idea
- From: Dan Papasian <bugg@bugg.strangled.net>
- Date: Tue, 1 Feb 2000 16:02:09 -0500
- Message-id: <20000201160209.B91479@bugg.htfdw1.ct.home.com>
- In-reply-to: <20000131231010.A6453@usatoday.com>; from moth@debian.org on Mon, Jan 31, 2000 at 11:10:10PM -0500
- References: <200001301916.OAA79896@bugg.strangled.net> <20000130163842.A17744@industrial-strength.net> <20000130182644.A86571@bugg.htfdw1.ct.home.com> <20000130222734.A2660@usatoday.com> <20000131161637.B89048@bugg.htfdw1.ct.home.com> <20000131194922.E11595@usatoday.com> <20000131195604.B89495@bugg.htfdw1.ct.home.com> <20000131221621.H11595@usatoday.com> <20000131214615.A30996@industrial-strength.net> <20000131231010.A6453@usatoday.com>
On Mon, Jan 31, 2000 at 11:10:10PM -0500, Raul Miller wrote:
> You mean this thing?
>
> $ apt-cache search jail
> jail - Just Another ICMP Logger
> $
No, he means jail the syscall and the program, much like chroot
except even root in a jailed environment can't get out of it, in any way.
And you can therefore limit the functionality of the machine, because
you need to have a non-jailed root user make the devices inside the
jailed environment.
> > Things like 'ps' and 'top' use BSD-specific methods since the POSIX
> > committee in all their wisdom decided against specifying a way to
> > introspect the system. So you'd need these too.
>
> It's not so pleasant if independent versions of such things have to be
> resupplied for every kernel. Do they?
No. But the libraries that they depend on aren't usually updated when
the kernel is.
> Might be worth writing a /proc/ emulator then...
>
> But yeah, that's work.
There is one, but it is still weak AFAIK and could use a lot of work.
-Dan