[rsbac] jail

Amon Ott rsbac@rsbac.org
Thu Aug 8 16:03:01 2002

On Thursday, 8. August 2002 15:13, Bognar Attila wrote:
> Imagine a virtual machine within your OS/machine/system, with an IP 
> address. You can login with ssh for example, add users, run network 
> services, nearly anything.
> Imagine a box (your real machine) and some boxes inside (jails).

> You set up a system under each myjail[i] (configure ssh, apache), then 
> (under FreeBSD) start the jails:
> root # jail /jails/myjail1 myjail1.domain.com /bin/sh /etc/rc
> root # jail /jails/myjail2 myjail2.domain.com /bin/sh /etc/rc

Under RSBAC, it would be
root # rsbac_jail /jails/myjail1 /bin/sh /etc/rc
root # rsbac_jail /jails/myjail2 /bin/sh /etc/rc

If you want the automatic address adjustment for the ANY address, add 
the -a switch. There are some others, just call rsbac_jail without arg to see 
them, or read models.htm#jail.

If you test this, you can see the processes in /proc/rsbac-info/jails.
> root # telnet 80
> Trying
> Connected to myjail1.domain.com
> Escape character is '^]'.
> GET /index.html
> <html>
> <body>
> Congratulation! You have successfully setup blabla
> </body>
> </html>
> root #

I have not implemented individual host names, because most server programs 
have their own settings or use /etc/hosts etc., which should be the one in 
the jail with the right name.