Date: Fri, 21 May 2004 12:14:19 +0400
From: Gleb Smirnoff <glebius@cell.sick.ru>
To: Pawel Jakub Dawidek <pjd@freebsd.org>
Cc: freebsd-current@freebsd.org
Subject: Re: Call for a hacker.... security.bsd.see_other_uids in jails only
Message-ID: <20040521081419.GB89262@cell.sick.ru>
In-Reply-To: <20040521080218.GY845@darkness.comp.waw.pl>
References: <20040520220145.GN4567@genius.tao.org.uk> <20040521080218.GY845@darkness.comp.waw.pl>

On Fri, May 21, 2004 at 10:02:18AM +0200, Pawel Jakub Dawidek wrote:
P> Implementation probably wouldn't be too hard, but I can't agree it should
P> be committed. We need to know where jail's virtualization ends and I think
P> it is too far. Of course it will be cool to have those sysctls on a per-jail
P> basis, as well as others from security.bsd. tree
P> (like security.bsd.suser_enabled), but I'm not sure this is the right way
P> to go.
P>
P> Any other opinions? If someone convinces me we should do it, I can do it.

A more general solution will be better, but harder to implement: make
some sysctl branches (e.g. security.bsd) local per jail, with the
possibility to change them only from the host machine.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE