Subject: Re: replace chroot() with a chroot overlay file system?
To: None <tech-security@NetBSD.org>
From: haad <haaaad@gmail.com>
List: tech-security
Date: 11/06/2005 12:38:08
>>>>>>>"Brett" == Brett Lymn <blymn@baesystems.com.au> writes:
>
> >> So, chroot("/my/foo");
> >>
> >> becomes the same as something:
> >>     mount -o ro,nosuid,noexec,nodev -t union /something /my/foo
> >>     chroot /my/foo
> >>
> >> (where /something might even be /)
> >>
>
> Brett> At which point I would be worried about a privilege
> Brett> escalation leading to my password database being snatched for
> Brett> offline cracking. The nice thing about chroot is that you
> Brett> don't have the encrypted passwords lying about.
>
> right, there are different reasons for chroot().
> Sometimes, you *do* want to be able to read stuff. Maybe even
> passwords. (think pop daemon...) Sometimes you do not.
>
My question is: can we implement something like FreeBSD jails & Solaris 10
zones?
I think it is a good thing to have in NetBSD. I know that I can use Xen, but in
Xen there are two kernels with some overhead, and with zones or jails there is
nothing like that :)
Cheers
--
Linux is for people who hate Windows; NetBSD is for people who love UNIX.