This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | Next revision Both sides next revision | ||
wiki:experiences:igraltist:run-jail [2012/05/13 07:11] 127.0.0.1 (old revision restored) |
wiki:experiences:igraltist:run-jail [2012/05/13 07:12] 127.0.0.1 (old revision restored) |
||
---|---|---|---|
Line 83: | Line 83: | ||
To learn how to interpret the log messages to develop a jail policy see [[wiki:experiences/igraltist/run-jail/explain-jail-message|explain-jail-message]]. | To learn how to interpret the log messages to develop a jail policy see [[wiki:experiences/igraltist/run-jail/explain-jail-message|explain-jail-message]]. | ||
+ | |||
Line 256: | Line 257: | ||
</code> | </code> | ||
- | The above example does not run the application in a chroot. It is not restricted to any particular nework interface.\\ And it allows reads and writes to devices, as well as other network protocols than IPv4. The program is allowed to perform setuid(), setgid(), open low network ports (net-bind-service capability) and to send signals to processes which owned by other users (kill capability).\\Furthermore it is allowed to read sysctl data and to modify (i.e. set) process resource limits. | + | The above example does not run the application in a chroot. It is not restricted to any particular nework interface. And it allows reads and writes to devices, as well as other network protocols than IPv4. The program is allowed to perform setuid(), setgid(), open low network ports (net-bind-service capability) and to send signals to processes which owned by other users (kill capability).Furthermore it is allowed to read sysctl data and to modify (i.e. set) process resource limits. |
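Review bot: in the new paragraph at line 257, dropping the `\\` line breaks leaves "(kill capability).Furthermore" with no space after the period, so the two sentences run together; add a space there. Since the revision already touches this paragraph, it could also correct "nework interface" to "network interface" and "processes which owned by other users" to "processes which are owned by other users", both of which are carried over unchanged from the old text.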