;
; RSBAC JAIL definition for pdnsd
; 20081407,20110113
;
; Installed versions: 1.2.8(10:37:18 10.11.2010)(urandom -debug -ipv6 -isdn -test)
;
; test by: Jens Kasten (igraltist)
; run on: Gentoo (hardened)
;
; daemon changes user and group to pdnsd
;
"" "0.0.0.0" (allow-external-ipc allow-dev-read allow-dev-write) (net-raw sys-ptrace net-bind-service setgid setuid) () ()

Deprecated:

;
; RSBAC JAIL definition for pdnsd
; 20081407
;
; Tested by:
; Jens Kasten (igraltist) on Gentoo
;
"" "0.0.0.0" (allow-dev-read allow-dev-write allow-inet-raw allow-ipc-syslog allow-ipc-parent) (setgid setuid net-bind-service net-raw sys-ptrace sys-resource) (sysctl) (rlimit priority)

This is what is executed now:

rsbac_jail -d -D -r -y -P -C SETGID SETUID NET_BIND_SERVICE NET_RAW SYS_PTRACE SYS_RESOURCE -G sysctl -M rlimit priority start-stop-daemon --start --quiet --exec /usr/sbin/pdnsd -- -t -s -d -p /var/run/pdnsd.pid