Re: security.bsd.see_other_uids for jails
- From: Anatoli Klassen <anatoli@xxxxxxxxxx>
- Date: Mon, 29 May 2006 16:38:38 +0200
David Malone wrote:
On Sun, May 28, 2006 at 03:46:06PM +0200, Anatoli Klassen wrote:if security.bsd.see_other_uids is set to 0, users from the main system can still see processes from jails if they have (by accident) the save uid.
For me it's wrong behavior because the main system and the jail are two different systems where uids are independent.
You could try the following (untested) patch to the MAC seeotheruid
module. You'd need to compile a kernel with the MAC option and then:
Thanks for the patch, maybe I'll need something like that for my environment.
But my question is if it's really intended that jail is not real virtual system but just a way to limit interaction from jail to host and not vice versa.
If it's the case than this has to be specified in jail(8).
Regards,
Anatoli
_______________________________________________
freebsd-hackers@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: security.bsd.see_other_uids for jails
- From: Robert Watson
- Re: security.bsd.see_other_uids for jails
- References:
- security.bsd.see_other_uids for jails
- From: Anatoli Klassen
- Re: security.bsd.see_other_uids for jails
- From: David Malone
- security.bsd.see_other_uids for jails
- Prev by Date: FreeBSD 6.1-RELEASE - make distribution
- Next by Date: USB device with multiple interfaces, sample code anyone?
- Previous by thread: Re: security.bsd.see_other_uids for jails
- Next by thread: Re: security.bsd.see_other_uids for jails
- Index(es):
Relevant Pages
|
|
