* Matt Dillon <[EMAIL PROTECTED]> [010425 12:24] wrote:
>
> But if we have the ability to run at a higher securelevel inside a jail
> we can allow console-root logins to access the system at the global
> securelevel of -1 yet force every single other login to the system and
> *ALL* services to run inside a jail (chroot to "/" essentially) with
> a higher securelevel.
>
> Enforcing the securelevel combined with the use of chflags inside
> a prison, plus idea #2, gives us much more flexibility then the
> hardwired restrictions jail() currently employs.
That's a really cool idea, you should talk to Robert Watson who's
working on "jailNG" though.
--
-Alfred Perlstein - [[EMAIL PROTECTED]]
Instead of asking why a piece of software is using "1970s technology,"
start asking why software is ignoring 30 years of accumulated wisdom.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
