This shows you the differences between two versions of the page.
wiki:experiences:igraltist:jail_pdnsd [2008/07/14 04:31] 127.0.0.1 (old revision restored) |
wiki:experiences:igraltist:jail_pdnsd [2011/06/30 06:31] 127.0.0.1 (old revision restored) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | <code bash> | ||
+ | ; | ||
+ | ; RSBAC JAIL definition for pdnsd | ||
+ | ; 20081407,20110113 | ||
+ | ; | ||
+ | ; Installed versions: 1.2.8(10:37:18 10.11.2010)(urandom -debug -ipv6 -isdn -test) | ||
+ | ; | ||
+ | ; test by: Jens Kasten (igraltist) | ||
+ | ; run on: Gentoo (hardened) | ||
+ | ; | ||
+ | ; daemon change user and group to pdnsd | ||
+ | ; | ||
+ | |||
+ | "" | ||
+ | "0.0.0.0" | ||
+ | (allow-external-ipc | ||
+ | allow-dev-read | ||
+ | allow-dev-write) | ||
+ | (net-raw | ||
+ | sys-ptrace | ||
+ | net-bind-service | ||
+ | setgid | ||
+ | setuid) | ||
+ | () | ||
+ | () | ||
+ | |||
+ | |||
+ | </code> | ||
+ | |||
+ | Deprecated: | ||
<code bash> | <code bash> | ||
; | ; | ||
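Review bot: The capability list in the new definition (net-raw, sys-ptrace, net-bind-service, setgid, setuid) carries no comment saying why each entry is needed; only setuid and setgid are explained, by the header line "daemon change user and group to pdnsd". sys-ptrace and net-raw are broad grants for a DNS proxy, so add a one-line reason beside each and drop any that a test run shows pdnsd works without. The positional fields ("" , "0.0.0.0" and the two empty () groups) are also unlabeled, so a reader cannot tell what an empty value permits; a comment naming each field would fix that. The date stamp "20081407,20110113" mixes two digit orders and should use one.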
Line 27: | Line 57: | ||
<code bash> | <code bash> | ||
This is execute now: | This is execute now: | ||
- | rsbac_jail -d -D -r -y -C SETGID SETUID NET_BIND_SERVICE NET_RAW SYS_PTRACE SYS_RESOURCE -G sysctl -M rlimit priority start-stop-daemon --start --quiet --exec /usr/sbin/pdnsd -- -t -s -d -p /var/run/pdnsd.pid | + | rsbac_jail -d -D -r -y -P -C SETGID SETUID NET_BIND_SERVICE NET_RAW SYS_PTRACE SYS_RESOURCE -G sysctl -M rlimit priority start-stop-daemon --start --quiet --exec /usr/sbin/pdnsd -- -t -s -d -p /var/run/pdnsd.pid |
</code> | </code> |
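Review bot: The added -P on the rsbac_jail command line is not explained anywhere in the page text, and it changes a command that now sits under the "Deprecated:" heading introduced in the first hunk. State what -P permits and why pdnsd needs it, and if it is still required, say how the new jail definition expresses it, since its flag list (allow-external-ipc, allow-dev-read, allow-dev-write) shows no obvious counterpart. The same question applies to SYS_RESOURCE, which this command passes but the new definition's capability list omits; note whether that was dropped on purpose.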