Re: Sandboxing
On 9 nov. 06, at 09:17, mal content wrote:
>> man jail(8)
>
> A full jail is quite extreme, don't you think? Besides, it'd be
> tricky to allow
> a jailed program to write to ~/.mozilla and /tmp.
a full jail is for beginners ;)
You can jail a program with only minimum /dev/ and libs, like it was
done with named before FreeBSD choose to chroot by default.
Depending on what you want to jail, it can be more or less
complicated. May be MAC and ACL is the way to go for you, I don't know.
patpro
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 7 之 13 篇):