On Thu, 10 Apr 2003 03:12, Marc Schöchlin wrote:
> I developed a software (will be in 1-2 weeks available as opensource)
> for managing virtual Systems which are using the jail-functionality of
> FreeBSD - now I ask myself if the jail-functionality
> is also available for linux systems.
>
> Does anybody know anything about a patch which implements the same
> functionality on Linux ?

For the closest match to the functionality you requested see kernel-patch-ctx and vserver packages.

kernel-patch-2.4-grsecurity implements secure chroot environments and many other useful security enhancements, but (as of my last tests) does not do everything jail does.

SE Linux is my preferred security option. I have written policy for it to implement secure chroot environments, but it can't restrict which IP addresses the jailed process can bind to (the same limitation as grsecurity; vserver does not have this problem). I wanted to implement IP restrictions for SE Linux, but changes to the core code made my chosen method impossible and I have not done any serious work on this since.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

