Ability to remove/deny access to specific binaries on a per-account basis
It would be quite excellent if CageFS were able to limit/deny access to specific binaries on a per-account basis.
For example, if a specific cPanel/Plesk account had an exploited website and was using phpmail to send large amounts of spam, the ability to deny access to the sendmail binary would provide a quick method to stop the mail from being generated, while also leaving the account in a working order, and provide a means to investigate the exploit without destroying evidence.
Ideally, such a feature would be surfaced in the GUI so administrators could quickly disable the function.
26
votes
Seamus Ryan
shared this idea