Releases

Current version
Git/Latestdiff: 1.5.6

Latest Snapshots
Produced after each commit or rebase to new upstream version

GIT
RSBAC source code, can be unstable sometimes

Events

No events planned

Differences

This shows you the differences between two versions of the page.

--- wiki:experiences:igraltist:jail_pdnsd [2008/07/14 03:47]
127.0.0.1 (old revision restored)
+++ wiki:experiences:igraltist:jail_pdnsd [2011/06/30 06:31]
127.0.0.1 (old revision restored)
@@ Line 1: / Line 1: @@
+<code bash>
+;
+; RSBAC JAIL definition for pdnsd
+; 20081407,20110113
+;
+; Installed versions:  1.2.8(10:37:18 10.11.2010)(urandom -debug -ipv6 -isdn -test)
+;
+; test by: Jens Kasten (igraltist)
+; run on: Gentoo (hardened)
+;
+; daemon change user and group to pdnsd
+;
+""
+"0.0.0.0"
+(allow-external-ipc
+ allow-dev-read
+ allow-dev-write)
+(net-raw
+ sys-ptrace
+ net-bind-service
+ setgid
+ setuid)
+()
+()
+</code>
+Deprecated:
 <code bash>
 ;
@@ Line 13: / Line 43: @@
  allow-dev-write
  allow-inet-raw
- allow-ipc-syslog)
+ allow-ipc-syslog
+ allow-ipc-parent)
 (setgid
  setuid
@@ Line 26: / Line 57: @@
 <code bash>
 This is execute now:
-rsbac_jail  -d -D -r -y -C  SETGID SETUID NET_BIND_SERVICE NET_RAW SYS_PTRACE SYS_RESOURCE -G  sysctl -M  rlimit priority start-stop-daemon  --start --quiet --exec /usr/sbin/pdnsd -- -t -s -d -p /var/run/pdnsd.pid
+rsbac_jail  -d -D -r -y -P -C  SETGID SETUID NET_BIND_SERVICE NET_RAW SYS_PTRACE SYS_RESOURCE -G  sysctl -M  rlimit priority start-stop-daemon  --start --quiet --exec /usr/sbin/pdnsd -- -t -s -d -p /var/run/pdnsd.pid
 </code>

//