Re: Need for SysV IPC to be confined to jail instances
- From: Peter Jeremy <peterjeremy@xxxxxxxxxxxxxxxx>
- Date: Sun, 25 Nov 2007 08:21:43 +1100
On Sat, Nov 24, 2007 at 12:11:18PM +0100, Gabor Tjong A Hung wrote:
> As I came to understand, if you enable jail_sysvipc_allow in rc.conf I am
> defeating the purpose of a jail.
Not totally defeating the purpose but SysV IPC is not jail-aware so
any jailed process can see and affect the global SysV IPC state.
> I got a suggestion that it might be possible to have sys v ipc confined to
> a jail instance and perhaps let it work like a telephone number.
This has come up before. See (eg):
http://www.freebsd.org/cgi/query-pr.cgi?pr=48471
and the thread beginning
http://lists.freebsd.org/pipermail/freebsd-current/2006-April/062261.html
--
Peter Jeremy
Please excuse any delays as the result of my ISP's inability to implement
an MTA that is either RFC2821-compliant or matches their claimed behaviour.
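Since enabling jail_sysvipc_allow exposes the global SysV IPC state to jailed processes, a host audit can flag where it is switched on. The following is an added example, not part of the original message or of FreeBSD itself; the function names and the sample file content are hypothetical, and it assumes rc.conf is read as shell (last assignment wins) with values judged as rc.subr's checkyesno does.

```shell
#!/bin/sh
# Added example: report whether an rc.conf-style file leaves
# jail_sysvipc_allow enabled.

# sysvipc_allow_state FILE  (hypothetical helper)
# Prints "enabled", "disabled" or "unset". The last assignment in the file
# wins; YES/TRUE/ON/1 in any letter case count as enabled.
sysvipc_allow_state() {
    state=unset
    # Default IFS lets read strip leading/trailing blanks; the || clause
    # keeps a final line that has no trailing newline.
    while read -r line || [ -n "$line" ]; do
        case $line in
            jail_sysvipc_allow=*) ;;   # the setting we care about
            *) continue ;;             # comments and unrelated lines
        esac
        value=${line#jail_sysvipc_allow=}
        value=${value%%#*}             # drop a trailing comment
        value=$(printf '%s' "$value" | tr -d "\"' \t" | tr '[:lower:]' '[:upper:]')
        case $value in
            YES|TRUE|ON|1) state=enabled ;;
            *) state=disabled ;;
        esac
    done < "$1"
    printf '%s\n' "$state"
}

# Constructed sample rc.conf content (not taken from any real host).
sample_rc_conf() {
    cat <<'EOF'
jail_enable="YES"
#jail_sysvipc_allow="YES"
jail_sysvipc_allow="NO"
  jail_sysvipc_allow="yes"   # re-enabled further down for one jail
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp)
sample_rc_conf > "$tmp"
echo "jail_sysvipc_allow: $(sysvipc_allow_state "$tmp")"
rm -f "$tmp"
```

The file only shows the boot-time configuration; on a running host the effective value is the security.jail.sysvipc_allowed sysctl.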