[rsbac] questions..
Andrea Pasquinucci
cesare at ucci.it
Mon May 9 10:28:38 CEST 2005
Sorry for a few other dumb questions:
1. Does it make sense to build a kernel with the following modules:
PAX, RES, CAP, DAZ, FF (JAIL ?)
notice that AUTH is missing
2. for RES, I guess that most dimensions are Bytes even if it is not
written in the help
'fsize' "Size limit for each file."
'memlock' "Limit on locked-in-memory address space."
'as' "Address space (virtual memory) limit."
whereas
'data' "Process data segment size limit in bytes."
'stack' "Process stack size limit in bytes."
'core' "Core dump size limit in bytes."
'rss' "Max resident set size in bytes."
3. About JAIL, Amon says often to use JAIL without chroot to protect
users when using for example firefox/mozilla ecc. Is it possible to set
this by using attr_set_fd (or similar), or one must start the program
with rsbac_jail ? Is this in case a new feature which could be added?
Moreover, what will happen if I would run firefox under jail with no
chroot? for example, could I still use plugins or helpers (like xpdf,
realplay, mplayer ecc. ?
Thanks, Andrea
--
Andrea Pasquinucci cesare at ucci.it
PGP key: http://www.ucci.it/ucci_pub_key.asc
fingerprint = 569B 37F6 45A4 1A17 E06F CCBB CB51 2983 6494 0DA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://rsbac.dyndns.org/pipermail/rsbac/attachments/20050509/60f79c74/attachment.bin
More information about the rsbac
mailing list