Sauf que sysjail se repose sur systrace dont on a découvert une bonne grosse race qui rend le bouzin inefficace...
IMPORTANT: Due to handling semantics of user/kernel memory in concurrent environments, the sysjail tools, in inheriting from systrace(4), are vulnerable to exploitation. Details available here. Many thanks to Robert Watson for discovering these issues! Until these problems have been addressed, we do not recommend using sysjail (or any systrace(4) tools, including systrace(1)) for security purposes. sysjail will continue to be updated for future releases of implementing systems. http://sysjail.bsd.lv/
[^] # Re: Jails ?
Posté par benja . En réponse à la dépêche La virtualisation et le libre : où en est-on ?. Évalué à 2.
IMPORTANT: Due to handling semantics of user/kernel memory in concurrent environments, the sysjail tools, in inheriting from systrace(4), are vulnerable to exploitation. Details available here. Many thanks to Robert Watson for discovering these issues! Until these problems have been addressed, we do not recommend using sysjail (or any systrace(4) tools, including systrace(1)) for security purposes. sysjail will continue to be updated for future releases of implementing systems.
http://sysjail.bsd.lv/