
Re: jail() for Linux ?



On Thu, 10 Apr 2003 03:12, Marc Schöchlin wrote:
> I developed software (it will be available as open source in 1-2 weeks)
> for managing virtual systems which use the jail functionality of
> FreeBSD - now I ask myself if the jail functionality
> is also available for Linux systems.
>
> Does anybody know anything about a patch which implements the same
> functionality on Linux?

For the closest match to the functionality you requested see kernel-patch-ctx 
and vserver packages.

kernel-patch-2.4-grsecurity implements secure chroot environments and many 
other useful security enhancements, but (as of my last tests) does not do 
everything jail does.

SE Linux is my preferred security option.  I have written policy for it to 
implement secure chroot environments, but it can't restrict which IP 
addresses the jailed process can bind to (the same limitation as grsecurity; 
vserver does not have this problem).  I wanted to implement IP restrictions 
for SE Linux, but changes to the core code made my chosen method impossible 
and I have not done any serious work on this since.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page



