On Mon, Jan 31, 2000 at 11:10:10PM -0500, Raul Miller wrote:
> You mean this thing?
>
> $ apt-cache search jail
> jail - Just Another ICMP Logger
> $

No, he means jail the syscall and the program - much like chroot except even root in a jailed environment can't get out of it, in any way. And you can therefore limit the functionality of the machine, because you need to have a non-jailed root user make the devices inside the jailed environment.

> > Things like 'ps' and 'top' use BSD-specific methods since the POSIX
> > committee in all their wisdom decided against specifying a way to
> > introspect the system. So you'd need these too.
>
> It's not so pleasant if independent versions of such things have to be
> resupplied for every kernel. Do they?

No. But the libraries that they depend on aren't usually updated when the kernel is.

> Might be worth writing a /proc/ emulator then...
>
> But yeah, that's work.

There is one, but it is still weak AFAIK and could use a lot of work.

-Dan