On Sun, 8 Apr 2001, Alex Zepeda wrote:
> On Sun, Apr 08, 2001 at 09:13:15PM +0200, Attila Nagy wrote:
>
> > So I am wondering, why the unices block mounting an already mounted
> > partition read only again.
>
> Have you considered using ACLs perhaps? Sure it's not in -STABLE, but
> it's a thought..

ACLs are a form of discretionary access control, and as such can't impose
mandatory read-only behavior for processes in a jail. For that, you want
mandatory access control, a feature still under development as part of
TrustedBSD. However, mandatory file labeling substantially complicates
file system management, and jail provides a simple substitute by using
chroot, a choice that seems wise to me :-).

Robert N M Watson FreeBSD Core Team, TrustedBSD Project
[EMAIL PROTECTED] NAI Labs, Safeport Network Services