From owner-freebsd-jail@FreeBSD.ORG Wed Oct 7 10:17:48 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 86FA410656A9 for ; Wed, 7 Oct 2009 10:17:48 +0000 (UTC) (envelope-from greenx@yartv.ru) Received: from mail.yartv.ru (ns4.yartelenet.ru [94.158.0.17]) by mx1.freebsd.org (Postfix) with ESMTP id 3CDD58FC2A for ; Wed, 7 Oct 2009 10:17:47 +0000 (UTC) Received: from greenx.yartelenet.ru (greenx.yartelenet.ru [94.158.0.2]) by mail.yartv.ru (Postfix) with ESMTP id 38CCC730CC for ; Wed, 7 Oct 2009 14:17:45 +0400 (MSD) Message-ID: <4ACC6ABE.9050107@yartv.ru> Date: Wed, 07 Oct 2009 14:17:34 +0400 From: Andrey Groshev User-Agent: Thunderbird 2.0.0.23 (X11/20091001) MIME-Version: 1.0 To: freebsd-jail@freebsd.org Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Subject: how to make the jail safe for the parent system? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Oct 2009 10:17:48 -0000 Hi, All! I understand, what not absolutely normal question, but... There is I and my server. Also there is other person a server responsible for a web. Periodically he wants that I would instal some software, but in my representation, this software bad or unnecessary. I wish to make jail for its and its software. To give to this person complete access to it, let does all that wants. But, if in the jail create wrong start scripts, then the parent system too cannot be started up to the end. For example: in jail in /etc/rc.local write /bin/sh And that starts all after this prison will not receive handle. Question: how it to avoid?