mirror of
https://github.com/RGBCube/serenity
synced 2025-07-27 15:47:45 +00:00
Kernel: Allow configuring a Jail to not impose PID isolation restriction
This is quite useful for userspace applications that can't cope with the restriction, but it's still useful to impose other non-configurable restrictions by using jails.
This commit is contained in:
parent
cf8875426d
commit
8289759f1d
11 changed files with 62 additions and 23 deletions
|
@ -95,7 +95,7 @@ Kernel: Add a basic implementation of unveil()
|
|||
`jails` are mitigation originating from FreeBSD.
|
||||
It allows a program to be placed inside a lightweight OS-level virtualization environment.
|
||||
|
||||
Current restrictions on jailed processes:
|
||||
Current restrictions on jailed processes (configurable when creating a Jail):
|
||||
- Process ID view isolation, being limited (both in `/proc` and `/sys/kernel/processes`) to only processes that share the same jail.
|
||||
|
||||
Special restrictions on filesystem also apply:
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue