Update of /cvsroot/devil-linux/build/config/etc/sysconfig/jail
In directory sc8-pr-cvs1:/tmp/cvs-serv26373/config/etc/sysconfig/jail
Modified Files:
DOMINO ISC_BIND POSTFIX SAGATOR
Log Message:
- jail script has new command DELETE
- domino jail script now empties the lib and etc directories before creating
the jail
- added support for libsafe to all available chroot jail configurations
Index: DOMINO
===================================================================
RCS file: /cvsroot/devil-linux/build/config/etc/sysconfig/jail/DOMINO,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- DOMINO 23 Dec 2003 14:57:01 -0000 1.9
+++ DOMINO 26 Dec 2003 14:46:55 -0000 1.10
@@ -9,13 +9,17 @@
# name of the daemon
NAME Lotus Domino
-# define user and group under which this daemon should run
-USER notes
-GROUP notes
+# delete the following directories/files, before doing anything
+DELETE /etc/*
+DELETE /lib/*
# define this, when the jail directory should not be emptied
NODELETE 1
+# define user and group under which this daemon should run
+USER notes
+GROUP notes
+
# devices to create
# parameter: devicename type major minor user.group rights
DEV null c 1 3 0.0 0666
@@ -31,6 +35,9 @@
COPY /etc/nsswitch.conf
COPY /lib/libnss_dns*
COPY /etc/localtime
+COPY /etc/ld.so.*
+COPY /etc/libsafe.exclude
+COPY /lib/libsafe.so.2
# set Linux capabilities
Index: ISC_BIND
===================================================================
RCS file: /cvsroot/devil-linux/build/config/etc/sysconfig/jail/ISC_BIND,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- ISC_BIND 23 Dec 2003 14:57:01 -0000 1.8
+++ ISC_BIND 26 Dec 2003 14:46:55 -0000 1.9
@@ -29,6 +29,9 @@
# files and directories to copy
COPY /etc/named
COPY /etc/named.conf
+COPY /etc/ld.so.*
+COPY /etc/libsafe.exclude
+COPY /lib/libsafe.so.2
# set Linux capabilities
#CAP CAP_NET_BIND_SERVICE
Index: POSTFIX
===================================================================
RCS file: /cvsroot/devil-linux/build/config/etc/sysconfig/jail/POSTFIX,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- POSTFIX 24 Dec 2003 01:18:33 -0000 1.5
+++ POSTFIX 26 Dec 2003 14:46:55 -0000 1.6
@@ -52,7 +52,9 @@
COPY /etc/group
COPY /etc/shadow
COPY /etc/gshadow
-
+COPY /etc/ld.so.*
+COPY /etc/libsafe.exclude
+COPY /lib/libsafe.so.2
# set Linux capabilities
#CAP CAP_NET_BIND_SERVICE
Index: SAGATOR
===================================================================
RCS file: /cvsroot/devil-linux/build/config/etc/sysconfig/jail/SAGATOR,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- SAGATOR 23 Dec 2003 14:57:01 -0000 1.4
+++ SAGATOR 26 Dec 2003 14:46:55 -0000 1.5
@@ -51,6 +51,9 @@
COPY /usr/bin/unarj
COPY /usr/bin/unrar
COPY /usr/bin/unzip
+COPY /etc/ld.so.*
+COPY /etc/libsafe.exclude
+COPY /lib/libsafe.so.2
MKDIR /tmp/quarantine
CHMOD 777 /tmp/quarantine
|
