Re: jail() for Linux ?
On Thu, 10 Apr 2003 03:12, Marc Schöchlin wrote:
> I developed software (it will be available as open source in 1-2 weeks)
> for managing virtual systems which use the jail functionality of
> FreeBSD. Now I ask myself if the jail functionality
> is also available for Linux systems.
>
> Does anybody know anything about a patch which implements the same
> functionality on Linux?

For the closest match to the functionality you requested, see the
kernel-patch-ctx and vserver packages.

kernel-patch-2.4-grsecurity implements secure chroot environments and many
other useful security enhancements, but (as of my last tests) does not do
everything jail does.

SE Linux is my preferred security option. I have written policy for it to
implement secure chroot environments, but it can't restrict which IP
addresses the jailed process can bind to (the same limitation as grsecurity;
vserver does not have this problem). I wanted to implement IP restrictions
for SE Linux, but changes to the core code made my chosen method impossible
and I have not done any serious work on this since.

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page