[rsbac] howto jail
Jens Kasten
jens at kasten-edv.de
Sat Dec 29 09:53:27 CET 2007
Hi liste,
i try to reuse the adamantix jail config from the adamantix.
here http://kasten-edv.de/download/rsbac i have the jail configs and under
bin/run-jail a testscript wich read the config.
the config was usally used when the run-jail are added in the init.d-scripts.
usally the syntax for the config is like this:
;
; RSBAC JAIL definition for apache
; 20060502
;
; Tested by:
; Fuleki Miklos (RAk)
; Peter Busser (peter)
; Robert Penz (robert)
;
; The allow-dev-read JAIL flag is needed when courier is installed. It
probably
; does an fsstat() to check how much disk-space is available.
;
""
"0.0.0.0"
(allow-dev-read
allow-dev-write
allow-external-ipc
allow-dev-read)
(setgid
setuid
net-bind-service
kill)
(sysctl)
(rlimit)
and with the calling run-jail apache teste
the script deliver.
key: jail-flags values: ['allow-dev-read', ' allow-dev-write', '
allow-external-ipc', ' allow-dev-read']
key: scd-read values: ['sysctl']
key: max-caps values: ['setgid', ' setuid', ' net-bind-service', ' kill']
key: scd-modify values: ['rlimit']
so there i have the key and valus as an dictionary in python.
How can i now continue to use this for setup a jail?
it should not be difficult do get it in uppercase or something else.
viele grüsse
jens
More information about the rsbac
mailing list