btw, when I said "stole" i didnt mean it to be harsh. sorry if it came off that way.
shaya On Wed, 2002-08-14 at 04:26, Russell Coker wrote: > On Wed, 14 Aug 2002 05:35, Shaya Potter wrote: > > On Tue, 2002-08-13 at 22:09, Colin Walters wrote: > > > On Tue, 2002-08-13 at 17:48, Russell Coker wrote: > > > > I have written SE Linux policy for administration of a chroot > > > > environment. That allows me to give full root administration access > > > > (ability to create/delete users, kill processes running under different > > > > UIDs, ptrace, etc) to a chroot environment without giving any access to > > > > the rest of the system. > > > > > > Since no one else has apparently said it explictly yet, I have to say > > > that's extremely cool :) > > Thanks Colin. > > > argh. its so cool that you essentially stole my summer research. :(. > > Does this allow you to create any amount of chroot jails? We are also > > It allows the administrator to create any number of chroot jail setups for a > given user, and they can set them up for as many users as they like. > > > working on making "virtual IPs" that each jail would get. We are also > > working on being able to move the processes while running (w/ network > > connections) from machine to machine w/o needing any state on initial > > machine. > > I am not planning to work on moving processes etc. > > If you'd like to build on top of my work then you are welcome, it'll all be > in Debian in a few days. > > -- > I do not get viruses because I do not use MS software. > If you use Outlook then please do not put my email address in your > address-book so that WHEN you get a virus it won't use my address in the > >From field.