From owner-freebsd-hackers  Tue Nov  9 13: 6: 8 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP id 8652114A1B
	for <freebsd-hackers@FreeBSD.ORG>; Tue,  9 Nov 1999 13:05:51 -0800 (PST)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.9.3/8.9.3) with ESMTP id OAA94138;
	Tue, 9 Nov 1999 14:05:45 -0700 (MST)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id OAA01171; Tue, 9 Nov 1999 14:04:39 -0700 (MST)
Message-Id: <199911092104.OAA01171@harmony.village.org>
To: Jamie Bowden <ragnar@sysabend.org>
Subject: Re: Should jail treat ip-number? 
Cc: freebsd-hackers@FreeBSD.ORG
In-reply-to: Your message of "Tue, 09 Nov 1999 05:29:51 PST."
		<Pine.BSF.4.10.9911090527520.39794-100000@moo.sysabend.org> 
References: <Pine.BSF.4.10.9911090527520.39794-100000@moo.sysabend.org>  
Date: Tue, 09 Nov 1999 14:04:38 -0700
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <Pine.BSF.4.10.9911090527520.39794-100000@moo.sysabend.org> Jamie Bowden writes:
: What does jail do that chroot doesn't?  I've seen several discussions on
: jail on -hackers, but no explanation of why it was implemented, or how
: it's different from chroot.

It restricts root's ability to do things which would otherwise allow,
amoung other things, it to climb out of a chroot'd directory.  It also
doesn't allow root to create device entries, which helps to keep your
data safer.

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message