On Thu, May 30, 2002 at 18:25 -0500, JW wrote:
> Here's what I'm trying to do.
> I have system users who are jailed in a chroot. They will all be running their own system -- i.e. their own software and daemons, but _not_ their own kernel (it's not VMware or usermode or anything like that). They will each have their own IP address. I have recompiled my kernel to allow common users to open ports < 1024 (yes, it works, yes, I'm a little crazy).
> In my dreams at least, I'd like to be able to prevent all of the following:
> 1. They cannot access the host filesystem. It's my understanding that on Linux, processes will still be able to access the host system. At least, I got that impression from an article I was reading on FreeBSD jailing, where processes _can't_ access the host system.
> 2. They cannot access any files anywhere except in their $HOME. Basically, something more than just chroot to keep them jailed away.
> 3. I want to be able to allow/disallow the ports they have access to.
> 4. I'd like to be able to prevent them from using any IP address but the ones allocated to them. This is currently the worst problem. By default, everything they do (wrt the network) will attempt to use the base IP. Some services like Apache can be set to use only one IP, which helps, and might be sufficient, but I wish really badly that I could set up something in the host system that would make it appear as if there's only 1 IP on the system (per user).
> 5. Processes should not be able to "see" or interact with the host's/other users' processes and filesystems.
This is funny. Did you notice that the above "shopping list" *exactly* reads like FreeBSD jail's feature set? I don't know which article you refer to above, but I suggest you have a look at the jail(8) and jail(2) manpages, both of which are available under the "Documentation" link from the www.freebsd.org website or your favourite local mirror. The first manpage was written from the user side's POV and tells you how to set up a jail. The latter outlines the jail features: process group separation, filesystem access restriction, IP activity control. Even "root" cannot do anything serious or dangerous, so you can hand out root accounts to your customers without too much fear for the other customers (rumours are that with root privs you can break out of any chroot environment, while this is not the case for jails). You might even find a paper written by Poul-Henning Kamp (the original author) discussing the design and the mechanisms used.

So the question arises: Is the "Linux" label important enough for you to take the trouble of making Linux do what you wish it to? Or are the above requirements important enough for you to switch to a system which natively provides the features you request? Neither way will you get the features for free; there definitely is some learning and evaluation effort in any case. Just keep in mind that jails have been an integral part of FreeBSD since the 4.0 release (i.e. for more than two years now). People reportedly ran several hundred jails on a single machine and had no problems with it. I have installations around with some tens of jails on machines most of us would call "low end".
> Can anyone offer any other suggestions/advice as to how I should go about this? Have any of you done anything similar before? Would you recommend any other form of system-wide access control besides SE Linux?
You don't want to get me started on the *BSD vs Linux debate, do you? :] All I can say is: take a closer look at both sides and decide yourself. Again, the FreeBSD project's website holds a lot of information (look out for the excellent "handbook" and the short(er) articles discussing certain features in a cook book like manner).

virtually yours
82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig
true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above ask your parents or an adult to help you.
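As an added illustration (not part of the thread and not FreeBSD's own code), here is a POSIX sh wrapper around the FreeBSD 4.x jail(8) invocation the manpage describes: the jail gets its own directory tree, hostname and a dedicated aliased IP, which covers requirements 1, 4 and 5 above. The function names, the 192.0.2.x address and the sanity checks (a jail rooted at `/` restricts nothing) are assumptions of this example.

```shell
# Sanity checks before handing arguments to jail(8); these helpers are
# constructed for this example and are not part of FreeBSD.

# The jail root must be an absolute, existing directory and never the host root,
# otherwise the "filesystem access restriction" restricts nothing.
jail_path_ok() {
    case "$1" in
        /)  return 1 ;;
        /*) [ -d "$1" ] ;;
        *)  return 1 ;;
    esac
}

# Dotted-quad IPv4 with every octet in 0..255 (jail(2) in 4.x takes one address).
jail_ip_ok() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    ( IFS=.; set -- $1; for o; do [ "$o" -le 255 ] || exit 1; done )
}

# Start a jail: alias the address onto the host interface so only the jail uses
# it, then run the jail's own rc so it boots its own daemons (not the host's).
# Usage: start_jail /data/jail jailhost.example.net 192.0.2.10 fxp0
start_jail() {
    path=$1; host=$2; ip=$3; iface=$4
    jail_path_ok "$path" || { echo "bad jail path: $path" >&2; return 1; }
    jail_ip_ok "$ip"     || { echo "bad jail IP: $ip" >&2; return 1; }
    # One host-only alias per jail, as the jail(8) manpage recommends.
    ifconfig "$iface" inet alias "$ip" netmask 255.255.255.255 || return 1
    # FreeBSD 4.x syntax: jail path hostname ip-number command
    jail "$path" "$host" "$ip" /bin/sh /etc/rc
}
```

Ports (requirement 3) are not limited by jail(8) itself; the jail only pins every socket to the single IP, so per-port policy still belongs in the host's packet filter.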