DaemonForums  

19th July 2015
jggimi
Introducing tame(2) with OpenBSD 5.8

The tame(2) syscall is a new kernel facility, announced yesterday on the OpenBSD tech@ mailing list. It was announced there, rather than more broadly, because it is still a work in progress, and developments continue. As I write this, revisions to the tame(2) man page were committed within the last hour.

The tame(2) service will be available with OpenBSD 5.8 when released later this year. This new facility permits both fine-grained service restrictions, and restrictions that are different than chroot(2), and I expect both may be deployed together when appropriate.

The tame(2) syscall is an application developer's tool to limit the scope of system services available to the application. At the moment, these types of service categories are defined in tame(2), which an application developer may select from:
  • pure computation services
  • memory management
  • file I/O operations
  • read operations
  • write operations
  • temporary file management
  • file and directory creation
  • network services
  • Unix socket services
  • Domain resolution services
  • user and group identity services
  • file descriptor message services
  • child process management
Once syscalls are restricted by tame(2), they cannot be reversed for the life of the tamed process. Any syscall requests that violate the requested restriction will result in a killed or aborted process, as the developer directs.

Last edited by jggimi; 21st July 2015 at 10:25 AM. Reason: typo
Content copyright © 2007-2010, the authors