stsh is the systrace shell, useful in enforcing systrace usage on a system. it is used to replace the normal user's login shell and spawn a correctly systraced shell for their use. this therefore requires a comprehensive systrace policy to be created.

supported platforms:

stsh is available under a BSD license.


1. build and install stsh as /bin/stsh
2. for every user you want to have under stsh (a systraced env), make sure they are in the systrace class. man passwd(5) for how to add them to this class. the class should look like this in login.conf(5):
3. test ... make sure you have a lot of systrace policies ready to go. i created a test user, "stsh", for this purpose and logged in as them a few times. tail -f /var/log/messages and you'll see stuff like this:
Sep 23 22:45:57 gibbs systrace: deny user: stsh, prog: /bin/df, pid: 2318(2)[31048], policy: /bin/df, filters: 0, syscall: native-sigaction(46), args: 12
if you see that, fix up your policies. some base policies are in policies/.

things you shouldn't do with stsh

you should NOT make a user's shell in /etc/passwd stsh. that will just not work.

you should NOT attempt to use this without systrace policies. you won't be able to log in.

don't use this software without being prepared to do a lot of work on your end debugging your environment.



niels provos, dug song, eric jackson for ideas, systrace support, and patches. gustavo's help with the login.conf(5) installation method. can acar and justin heesemann for bugreports and testing. jeff nathan for some help in getting 0.3 out the door.