On Wed, Nov 07, 2007 at 10:20:28PM -0500, [EMAIL PROTECTED] wrote:
> I'm considering developing a policy/module for TrustedBSD loosely based
> on the systrace concept - A process loads a policy and then executes
> another program in a sandbox with fine grained control over what that
> program can do.
...
> Please note that the 'policy' given on the command line is purely for
> the sake of example, no syntax or semantics have been decided upon.
Can't comment on the implementation or wider issues, but if you
pursue this, please have a look at how MacOS Leopard does it
(Seatbelt). Would be nice to converge on both syntax (a Schema
dialect) and tools names / command line args--or if converging is not
possible, at least know where and why and make a conscious decision.
Bye,
Andrea
--
If it's there, and you can see it, it's real. If it's not there, and you can
see it, it's virtual. If it's there, and you can't see it, it's transparent. If
it's not there, and you can't see it, you erased it.
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
