search for: highuid

...define a range of uids as sysctl variables to be used as "compartiments". For example, mac.mac_uids.lowuid mac.mac_uids.highid And it would be implemented so that: Below a given security level, (mac.mac_uids.enforce_below) - Any operation of a subject with uid x (between lowuid and highuid) on an object with uid y (between lowuid and highuid) would fail. - A subject with a given security level could not modify an object with a higher security level. This, combined with a chroot tree would (I think) be much better than the typical solutions available. The webserver process wou...