Contributed by sean on from the new toys dept.
sysjail, an OpenBSD and NetBSD "jail" implementation, has reached freeze before its 1.0 release. This release will feature full (limited by "what's possible") jail compatibility, plus some extra niceties:
sysjail uses a combination of chroot(2) and systrace(1) to create jailed environments. We are in need of people to batter the system, both from a security and usability perspective, before the release. I anticipate at least a few weeks of heavy testing to flush out all border conditions one can use to panic sysjail or provide a means to break through the jail barrier - for example, by providing bogus syscall values, or running one's favourite fhroot-breaker. If you've a quick and dirty means to benchmark sysjail against common usage, please let us know as well!
Editors Note: There does not seem to be a port of this application yet so please make one if you use it. If you don't know how to make/submit a port then this would be a good one to cut your teeth on!
(Comments are closed)