On Sat, Jul 09, 2011 at 12:03:50PM +0300, Aleksey Cheusov wrote:
> Hello.
>
> I've implemented a new security model based on kauth(9) framework,
> secmodel_securechroot(9). Its purpose is to completely isolate
> chrooted processes from the host system, that is to prevent all destructive
> changes by chrooted processes even if they are run under root privileges
> and to prevent access to processes outside the chroot.

I like this. However, I'd like to see a different system call used to enter the chroot in this case, so that it's possible to have a normal, less-restricted chroot at the same time.

Thor
