:
:In message <[EMAIL PROTECTED]>, Matt Dillon writes:
:> I just had an idea... allow the kernel security level to be specified
:> for a jailed environment. Add a 'securelevel' field to the jail
:> structure and bump the API rev.
:
:That would be trivial to do, but I thought that securelevels were
:deemed "nice proof of concept but not the right way"?
:
:--
:Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
Oh, also we would enforce increasing the secure level only... so when
you run a jail the minimum securelevel is the current securelevel. And
the global sysctl securelevel would still exist and override everything,
but now it is possible to leave it at -1 and run most system services
(including sshd) at a higher secure level inside a jail, leaving only
the init-run getty's running at securelevel -1.
-Matt
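
The raise-only rule proposed in this thread, as an added user-space model in C; it is not FreeBSD kernel code and not part of either message. `struct jail_model` and the function names are hypothetical, and reading "override everything" as "the global level is a floor under every jail" is an assumption.

```c
#include <errno.h>
#include <stdio.h>

/* Models the global sysctl securelevel (left at -1 in the scenario above). */
static int global_securelevel = -1;

/* Hypothetical stand-in for the jail structure with the proposed field. */
struct jail_model {
    int securelevel;
};

/* Level enforced for a process: the higher of the global and jail levels.
 * j == NULL means "not jailed". Assumption: global acts as a floor. */
int effective_securelevel(const struct jail_model *j)
{
    if (j == NULL || j->securelevel < global_securelevel)
        return global_securelevel;
    return j->securelevel;
}

/* Jail creation: the new jail can never start below the creator's level. */
void jail_model_create(struct jail_model *j, const struct jail_model *creator,
                       int requested)
{
    int floor = effective_securelevel(creator);
    j->securelevel = requested > floor ? requested : floor;
}

/* Raise-only setter; j == NULL targets the global level.
 * Returns 0 on success, EPERM on any attempt to lower the level. */
int securelevel_raise(struct jail_model *j, int new_level)
{
    if (new_level < effective_securelevel(j))
        return EPERM;
    if (j != NULL)
        j->securelevel = new_level;
    else
        global_securelevel = new_level;
    return 0;
}

int main(void)
{
    struct jail_model services;
    jail_model_create(&services, NULL, 2);   /* e.g. sshd runs in here */
    printf("host=%d jail=%d lower-attempt=%d\n", effective_securelevel(NULL),
           effective_securelevel(&services), securelevel_raise(&services, 0));
    return 0;
}
```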