[rsbac] questions..

Andrea Pasquinucci cesare at ucci.it
Mon May 9 10:28:38 CEST 2005


Sorry for a few other dumb questions:

1. Does it make sense to build a kernel with the following modules:
     PAX, RES, CAP, DAZ, FF (JAIL ?)
notice that AUTH is missing


2. for RES, I guess that most dimensions are Bytes even if it is not 
written in the help

  'fsize' "Size limit for each file."
  'memlock' "Limit on locked-in-memory address space."
  'as' "Address space (virtual memory) limit."

whereas

  'data' "Process data segment size limit in bytes."
  'stack' "Process stack size limit in bytes."
  'core' "Core dump size limit in bytes."
  'rss' "Max resident set size in bytes."


3. About JAIL, Amon says often to use JAIL without chroot to protect 
users when using for example firefox/mozilla ecc. Is it possible to set 
this by using attr_set_fd (or similar), or one must start the program 
with rsbac_jail ? Is this in case a new feature which could be added? 

Moreover, what will happen if I would run firefox under jail with no 
chroot? for example, could I still use plugins or helpers (like xpdf, 
realplay, mplayer ecc. ?


Thanks, Andrea


--
Andrea Pasquinucci                     cesare at ucci.it
PGP key: http://www.ucci.it/ucci_pub_key.asc
fingerprint = 569B 37F6 45A4 1A17 E06F  CCBB CB51 2983 6494 0DA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://rsbac.dyndns.org/pipermail/rsbac/attachments/20050509/60f79c74/attachment.bin


More information about the rsbac mailing list