Date: Sat, 3 Jul 2010 00:21:04 -0700
From: George Davidovich <freebsd@optimis.net>
To: freebsd-questions@freebsd.org
Subject: Re: jail and uname
Message-ID: <20100703072104.GA89373@marvin.optimis.net>
In-Reply-To: <4C2ED4F9.2010408@comclark.com>
References: <4C2ED4F9.2010408@comclark.com>

On Sat, Jul 03, 2010 at 02:13:13PM +0800, Aiza wrote:
> From the console of a jail I issue uname -r and get 8.0-RELEASE-p3,
> which is the release level of the host. I know the jail is running a
> pristine minimum install of 8.0-RELEASE.
>
> I would think issuing uname from within a jail environment should
> respond with the info of the jail environment. Is this not a security
> violation?

I'm guessing your understanding of jails is a bit off. A FreeBSD jail
isn't a "fully virtualised" system. As implemented, jails share the
host system's kernel. The Handbook makes clear that a jail is
essentially defined by a directory subtree, a hostname, an IP address,
and a command. Well, that, and things like user accounts.

So when you run uname, what's reported is kernel information as stored
in various sysctl(8) MIBs (kern.ostype, kern.osrelease, kern.osrevision,
kern.version, etc.). And because there's only one kernel, you'll get
the same output from running uname on the host as you would get from
running it inside a jail.

-- 
George
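
The situation discussed above (host kernel at 8.0-RELEASE-p3, jail userland at 8.0-RELEASE) can be checked with a short script; this is an added example, not part of the original message. The function names are hypothetical, and the live report assumes freebsd-version(1), which exists only on FreeBSD 10.0 and later.

```sh
#!/bin/sh
# Added example: compare the shared kernel's release (what uname reports,
# inside or outside a jail) with the userland release of this environment.

# patch_level RELEASE: "8.0-RELEASE-p3" -> 3, "8.0-RELEASE" -> 0
patch_level() {
    case "$1" in
        *-p[0-9]*) echo "${1##*-p}" ;;
        *)         echo 0 ;;
    esac
}

# base_release RELEASE: strip the -pN suffix, "8.0-RELEASE-p3" -> "8.0-RELEASE"
base_release() {
    case "$1" in
        *-p[0-9]*) echo "${1%-p*}" ;;
        *)         echo "$1" ;;
    esac
}

# classify KERNEL_RELEASE USERLAND_RELEASE
# Prints: match | userland-behind | userland-ahead | different-branch
# userland-ahead is normal after a patch that touched only userland files.
classify() {
    if [ "$(base_release "$1")" != "$(base_release "$2")" ]; then
        echo different-branch; return
    fi
    k=$(patch_level "$1"); u=$(patch_level "$2")
    if   [ "$u" -lt "$k" ]; then echo userland-behind
    elif [ "$u" -gt "$k" ]; then echo userland-ahead
    else echo match
    fi
}

# report: read the live values; kern.osrelease is the MIB behind uname -r.
report() {
    kernel=$(sysctl -n kern.osrelease) || return 1
    jailed=$(sysctl -n security.jail.jailed 2>/dev/null || echo unknown)
    userland=$(freebsd-version -u) || return 1   # assumption: FreeBSD >= 10.0
    echo "jailed=$jailed uname=$(uname -r) kernel=$kernel userland=$userland"
    echo "status=$(classify "$kernel" "$userland")"
}

# Run the live report only where the FreeBSD tools exist.
if [ "$(uname -s)" = FreeBSD ] && command -v freebsd-version >/dev/null 2>&1; then
    report
fi
```

Run inside each jail, a `userland-behind` status flags a jail whose base system has not received the patches the host kernel has.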
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100703072104.GA89373>