[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: nsmux Documentation

From: Sergiu Ivanov
Subject: Re: nsmux Documentation
Date: Mon, 5 Oct 2009 17:13:16 +0300
User-agent: Mutt/1.5.20 (2009-06-14)


On Fri, Oct 02, 2009 at 09:16:38AM +0200, Carl Fredrik Hammar wrote:
> On Thu, Oct 01, 2009 at 07:52:57PM +0300, Sergiu Ivanov wrote:
> > On Wed, Sep 30, 2009 at 09:45:32PM +0200, Arne Babenhauserheide wrote:
> > > Can I also put it "on /"? 
> > > That way I could activate it systemwide :) 
> > 
> > Yes, this is the long-term goal, though I definitely won't advise you
> > trying this out ATM -- one of the most important issues is security,
> > about which nsmux does nothing but standard procedures, but it is
> > possible that something more is required.
> A secure way to use it on the entire filesystem would be to make use of
> settrans -C flag, to start a shell chrooted to nsmux but not actually set
> on /.  This way only programs started from the shell would be affected.
> That is something like:
>   settrans -C bash -- / nsmux ...
> (I didn't test it, it might be the other way around.)

Unfourtunately, I cannot test that with nsmux either, but as far as I
can get it from the code of settrans, the command line is exactly what
you suggest.

Thanks for your suggestion! :-) I've forgotten about chroot
capabilities of settrans, which might come in very handy when testing


reply via email to

[Prev in Thread] Current Thread [Next in Thread]