RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 15:47:45 +00:00
Code Issues Activity Actions

Kernel: Allow configuring a Jail to not impose PID isolation restriction

Browse source 
This is quite useful for userspace applications that can't cope with the
restriction, but it's still useful to impose other non-configurable
restrictions by using jails.
This commit is contained in:
Liav A 2023-01-12 22:47:09 +02:00 committed by Jelle Raaijmakers
parent cf8875426d
commit 8289759f1d
11 changed files with 62 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Base/usr/share/man/man7/Mitigations.md
View file

@ -95,7 +95,7 @@ Kernel: Add a basic implementation of unveil()
`jails` are mitigation originating from FreeBSD.
It allows a program to be placed inside a lightweight OS-level virtualization environment.
Current restrictions on jailed processes:
Current restrictions on jailed processes (configurable when creating a Jail):
- Process ID view isolation, being limited (both in `/proc` and `/sys/kernel/processes`) to only processes that share the same jail.
Special restrictions on filesystem also apply: