Hi,
Marius A. Eriksen just finished the Linux port of systrace. You can
find the kernel patch at
http://www.citi.umich.edu/u/provos/systrace/linux.html
Systrace is a fine grained sandbox for applications and system services.
It supports interactive policy generation, intrusion detection, policy
enforcement, privilege elevation, etc. More information at
http://www.citi.umich.edu/u/provos/systrace/
Comments are appreciated.
Niels.
Hello Niels,
This is the sort of facility which can easily go on top of the existing
LTT infrastructure (http://www.opersys.com/LTT) since most of the events
you need are already cleanly caught by LTT. If we'd reintegrate the
event callback mechanisms we removed on Ingo Molnar's request (albeit
exporting them as GPLonly this time), systrace would then be easily
maintained as a loadable kernel module. In addition, since LTT already
has appropriate hooks for 6 architectures, systrace would immediately
become available on those archs (i386, PPC, S/390, ARM, MIPS, SH).
Karim
Niels Provos wrote:
> Marius A. Eriksen just finished the Linux port of systrace. You can
> find the kernel patch at
>
> http://www.citi.umich.edu/u/provos/systrace/linux.html
>
> Systrace is a fine grained sandbox for applications and system services.
> It supports interactive policy generation, intrusion detection, policy
> enforcement, privilege elevation, etc. More information at
>
> http://www.citi.umich.edu/u/provos/systrace/
>
> Comments are appreciated.
===================================================
Karim Yaghmour
[email protected]
Embedded and Real-Time Linux Expert
===================================================