-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I was thinking about creating a way to do jail_attach as non-root. My idea is to create some sort of an 'uid conversion table'. eg: root_at_host# jail /usr/jails/jail1/ jail1.host 127.0.0.2 /bin/sh /etc/rc root_at_host# jail_allowuser 1 65534 0 # jid host-uid jail-uid root_at_host# su nobody nobody_at_host$ jexec 1 bash root_at_jail1# All (non-root) users wanting to attach a jail without being in this conversion table will get EPERM. Root will always get SUCCESS. Users in the conversion table will be put in the jail with the new (or same) uid. This would be useful for eg, users wanting to have their own jail. Or authentication systems (sshd) that can put users in some jail, without becoming root first. What do you think about it ? - -- Jille -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (MingW32) iEYEARECAAYFAkgwV3gACgkQacI4LQTe9EWMswCgv+eLzus5eu0LtM9cawinM0hN isYAniNey7vHE5KNqyVE5Tyk9RbJXy1c =xS+J -----END PGP SIGNATURE-----Received on Sun May 18 2008 - 14:21:26 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:30 UTC