Re: A TrustedBSD "voluntary sandbox" policy.

2007-11-16 Thread Robert Watson
On Thu, 8 Nov 2007, Andrea Campi wrote: On Wed, Nov 07, 2007 at 10:20:28PM -0500, [EMAIL PROTECTED] wrote: I'm considering developing a policy/module for TrustedBSD loosely based on the systrace concept - A process loads a policy and then executes another program in a sandbox with fine grain

Re: A TrustedBSD "voluntary sandbox" policy.

2007-11-15 Thread Christopher Davis
On Nov 8, 2007 9:23 AM, Pawel Jakub Dawidek <[EMAIL PROTECTED]> wrote: > First problem is that it is hard to operate on file paths. MAC passes a > locked vnode to you and you cannot go from there to a file name easily. > You could do it by comparison: call VOP_GETATTR(9) on the given vnode, > do the

Re: A TrustedBSD "voluntary sandbox" policy.

2007-11-08 Thread Pawel Jakub Dawidek
On Wed, Nov 07, 2007 at 10:20:28PM -0500, [EMAIL PROTECTED] wrote: > I'm considering developing a policy/module for TrustedBSD loosely based > on the systrace concept - A process loads a policy and then executes > another program in a sandbox with fine-grained control over what that > program can d

Re: A TrustedBSD "voluntary sandbox" policy.

2007-11-08 Thread Andrea Campi
On Wed, Nov 07, 2007 at 10:20:28PM -0500, [EMAIL PROTECTED] wrote: > I'm considering developing a policy/module for TrustedBSD loosely based > on the systrace concept - A process loads a policy and then executes > another program in a sandbox with fine-grained control over what that > program can d

A TrustedBSD "voluntary sandbox" policy.

2007-11-07 Thread dexterclarke
I'm considering developing a policy/module for TrustedBSD loosely based on the systrace concept - A process loads a policy and then executes another program in a sandbox with fine-grained control over what that program can do. I'm aiming for a much simpler implementation, however. No interaction.