[rsbac] jail

[Jens Kasten]

hi list,

i have build and test a run-jail for rsbac_jail.
i use the old adamantix-jail-configs for setup the jail than.
here you can download it. 
http://kasten-edv.de/download/rsbac/etc_rsbac_jail.tar.bz2
for this services exists a config 
http://kasten-edv.de/download/rsbac/etc_rsbac_jail/

when download it must to move the configfiles to
/etc/rsbac/jail

here is the configparser
http://svn.kasten-edv.de/svn/rsbac/trunk/lib/jail_configparser.py
and the script
http://svn.kasten-edv.de/svn/rsbac/trunk/bin/run-jail.py



the run-jail.py has this
# path to add where the file jail_configparser.py is
sys.path.append('/security/rsbac-manager/lib')
from jail_configparser import JailParser 

i did softlinking the run-jail.py to /bin/run-jail so the initscritp use only run-jail.

you have to sys.path.append to correct so the jail_configparser.py can be found.

than also the jail_flags should more complet.
this is in the moment only tested that apache2 will work.

self.jail_flags = {
                "allow-dev-read": "-d",
                "allow-dev-write": "-D",
                "allow-external-ipc": "-i",

                }

also this should be execute.
echo debug_jail_log_missing 1 > /proc/rsbac-info/debug 
echo debug_cap_log_missing 1 > /proc/rsbac-info/debug 


now i should have a possibility to test the jail for the apache2 
is not all perfect, but the config can easy modified so that only the
jail_configparser.py have to build new.
when i start apache2 it take a moment to ready to work.
i dont no why, but i see the parent process for apache2 is start and
the change the second one is take a while.

so far

grüsse
jens 
 

-------------- nächster Teil --------------
Ein Dateianhang mit Bin�rdaten wurde abgetrennt...
Dateiname   : apache2_etch_init.patch
Dateityp    : text/x-patch
Dateigr��e  : 1547 bytes
Beschreibung: nicht verf�gbar
URL         : http://www.rsbac.org/pipermail/rsbac/attachments/20080702/05873312/attachment.bin