On Thu, 9 Sep 1999, Daniel O'Connor wrote:

> 
> On 09-Sep-99 Jason Young wrote:
> >  After some thought, I think the mount option idea is best. I hadn't
> >  thought of that before. One might want to apply different procfs
> >  security policies to different mounts of procfs, especially in a
> >  jail() situation. Good call.
> 
> Yeah, you'd have to make sure procfs doesn't mind being mounted multiple
> times, something I'm not sure is true.

Also, don't forget about sysctl. kvm will defend itself with permissions
on /dev/kmem, but sysctl is available for reading to anyone (see
src/release/picobsd/tinyware/sps to see what I mean).

Andrzej Bialecki

//  <ab...@webgiro.com> WebGiro AB, Sweden (http://www.webgiro.com)
// -------------------------------------------------------------------
// ------ FreeBSD: The Power to Serve. http://www.freebsd.org --------
// --- Small & Embedded FreeBSD: http://www.freebsd.org/~picobsd/ ----
