Subject: Re: extending chroot()
To: Steve Bellovin <smb@research.att.com>
From: Andrew Brown <atatat@atatdot.net>
List: tech-security
Date: 01/16/2003 16:41:51
>I'd like to be able to "jail" various untrusted applications, such as 
>my netbrowser.  Chroot() is the obvious choice, but it requires root 
>privileges.  However -- suppose we changed chroot() so that it didn't 
>require root, but if executed by a non-root process, setuid and setgid 
>would not be honored.  More precisely, we change the code in 
>exec_script and kern_exec that checks the setuid/setgid bits; if 
>cwdi_rdir is non-null, don't honor those bits.

could you use systrace in conjunction with chroot() to accomplish what
you need?

>Comments?  (I wish that socket() went through the file system, so that 
>I could restrict network access that way, too.)

systrace can implement access control on source/destination addresses,
though i've not tried anything complex with it yet.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
werdna@squooshy.com       * "information is power -- share the wealth."
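For readers following the suggestion above, here is what a systrace policy confining a browser's file and network access might look like. This is an added illustration, not part of the original thread or of the systrace distribution; the program path, profile directory, library directories and the resolver address are assumed placeholders, and the rules use the systrace policy grammar (the netbsd emulation's fsread/fswrite aliases, fnmatch-style `match` on filenames and on the `inet-addr:port` socket address string, and `deny[errno] log` as the fall-through).

```text
Policy: /usr/pkg/bin/browser, Emulation: netbsd
	netbsd-fsread: filename match "/home/user/.browser/*" then permit
	netbsd-fsread: filename match "/usr/pkg/lib/*" then permit
	netbsd-fsread: filename match "/usr/X11R6/lib/*" then permit
	netbsd-fsread: filename eq "/etc/resolv.conf" then permit
	netbsd-fsread: then deny[eperm] log
	netbsd-fswrite: filename match "/home/user/.browser/*" then permit
	netbsd-fswrite: then deny[eperm] log
	netbsd-connect: sockaddr match "inet-*:53" then permit
	netbsd-connect: sockaddr match "inet-*:80" then permit
	netbsd-connect: sockaddr match "inet-*:443" then permit
	netbsd-connect: then deny[enetunreach] log
	netbsd-bind: then deny[eacces] log
```

The connect rules give the source/destination address control the reply mentions (DNS, HTTP and HTTPS only, everything else refused and logged), while the fsread/fswrite rules give a chroot-like view of the filesystem without needing root, so the setuid/setgid question never arises for the confined process.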