
chroot administration



I have written SE Linux policy for administration of a chroot environment.  
That allows me to give full root administration access (ability to 
create/delete users, kill processes running under different UIDs, ptrace, 
etc) to a chroot environment without giving any access to the rest of the 
system.

It's the same as the BSD Jail setup except that I haven't implemented my 
solution for the "one IP address per jail" issue yet (I think that the design 
is good, the code just hasn't been debugged).

One of the many possible uses for this is the scenario where you have a fast 
machine with lots of storage that makes a good development box, and you want 
to allow someone to do package development on the machine (but don't trust 
them with full access).  This use could help address some of the problems we 
have with KDE and GNOME development.

If you would like to try this out then send me a private email and I'll give 
you an account on my test machine.  It's only a small machine (not a 
development machine), but if you're interested in SE Linux you could have 
some fun playing with it.

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.


