[rsbac] todo list item

Magosányi Árpád mag at bunuel.tii.matav.hu
Thu Mar 4 19:29:49 CET 2004


-Make _all_ jail features optional.

Jail have some restrictions which are not feasible
with certain setups. See:
- Change rsbac_jail syntax to make chroot() optional
- New JAIL flag allow_clock for ntpd encapsulation
The problem is that jail is an arbitrary set of
security measures, some of which can (and some
of which should) be handled by other modules
like RC. For any of the jail features there
exists a setup which either impossible because
that jail feature but needs another feature of
jail, or can be implemented by another modell,
which means you have implemented something
twice unnecessary.

I am not on the list, please cc me if you have
something important to note.

GNU GPL: csak tiszta forrásból

More information about the rsbac mailing list