Few questions about Jail

From: Evan S (kaworu@sektor7.ath.cx)
Date: 01/03/01

Date: Tue, 2 Jan 2001 18:45:09 -0500 (EST)
From: Evan S <kaworu@sektor7.ath.cx>
To: freebsd-security@freebsd.org


I run a project called Openroot. Basically, Openroot is a computer on my
network where I give root access to anyone. Openroot is run inside of a
Jail. It has been running for four weeks, without much problems.

Although, I am looking to make some modifications to Jail, and I was
wondering if someone could point me where to start. (I've already looked
at jail.c, and .h)

I want the Jail to be able to have a different secure level than the host
machine, therefore, I can eliminate the problem of users typing 'chflags
schg _filename_' on Openroot, preventing the restore script to work.

In order to avoid this, Openroot runs in Securelevel 0, which I do not
like, because I'd like to be able to chflags schg login.conf in the Jail's
etc directory, to enter a process, memory, and cpu usage limit to prevent
fork bombs and such..

Thanks a lot,

Evan Sarmiento (kaworu@sektor7.ath.cx)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message