Date: Wed, 22 Sep 2004 19:40:10 +0200 From: Matteo Riondato <rionda@gufi.org> To: freebsd-hackers@freebsd.org Subject: Some questions about jails Message-ID: <1095874809.50307.59.camel@kaiser.sig11.org>
next in thread | raw e-mail | index | archive | help
--=-jJu8oIZM81uXEI7tXbnm Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hello hackers! I've a few questions about jail(8) and hope you'll be so kind to answer them =3D) First of all: Why is procfs(5) required inside a jail (speaking about 5.x and 6) ? " As procfs is considered deprecated due to its inherent security risks",why should it be used inside a jail? Second question: why does an "ifconfig" from inside a jail list every network card present in the host system? Wouldn't it be better if only lo0 and the interface with the jail IP are listed ? I think it will, because it's my personal opinion (please refute me, I can be wrong) that one jail's purpouses is to fool the jail users, making them believe that they are inside a real system. I came to this conclusion reading about security.jail.getfstatroot_only in jail(8). Thank you in advance for your replies. Best Regards --=20 Rionda aka Matteo Riondato GUFI Staff Member (http://www.gufi.org) FreeSBIE Developer (http://www.freesbie.org) BSD-FAQ-it Main Developer (http://www.gufi.org/~rionda) Sent from: kaiser.sig11.org running FreeBSD-6.0-CURRENT --=-jJu8oIZM81uXEI7tXbnm Content-Type: application/pgp-signature; name=signature.asc Content-Description: Questa parte del messaggio =?ISO-8859-1?Q?=E8?= firmata -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (FreeBSD) iD8DBQBBUbj52Mp4pR7Fa+wRAk8MAJ0QA4QT62V087xjhecCPECcU45Q3wCgyFUv YYXhkCv7WeSRYr/p2nHLkNw= =wNlf -----END PGP SIGNATURE----- --=-jJu8oIZM81uXEI7tXbnm--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1095874809.50307.59.camel>