From owner-freebsd-hackers@FreeBSD.ORG Wed Sep 22 17:40:15 2004 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A66B116A5BC for ; Wed, 22 Sep 2004 17:40:15 +0000 (GMT) Received: from vsmtp3.tin.it (vsmtp3alice.tin.it [212.216.176.143]) by mx1.FreeBSD.org (Postfix) with ESMTP id C1DCC43D2D for ; Wed, 22 Sep 2004 17:40:12 +0000 (GMT) (envelope-from rionda@gufi.org) Received: from kaiser.sig11.org (82.52.116.89) by vsmtp3.tin.it (7.0.027) id 414B175C00218C3B for freebsd-hackers@freebsd.org; Wed, 22 Sep 2004 19:40:12 +0200 Received: from [127.0.0.1] (localhost [127.0.0.1]) by kaiser.sig11.org (Postfix) with ESMTP id 78E4CB5 for ; Wed, 22 Sep 2004 19:40:10 +0200 (CEST) From: Matteo Riondato To: freebsd-hackers@freebsd.org Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-jJu8oIZM81uXEI7tXbnm" Message-Id: <1095874809.50307.59.camel@kaiser.sig11.org> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.6 Date: Wed, 22 Sep 2004 19:40:10 +0200 Subject: Some questions about jails X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: rionda@gufi.org List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Sep 2004 17:40:15 -0000 --=-jJu8oIZM81uXEI7tXbnm Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hello hackers! I've a few questions about jail(8) and hope you'll be so kind to answer them =3D) First of all: Why is procfs(5) required inside a jail (speaking about 5.x and 6) ? " As procfs is considered deprecated due to its inherent security risks",why should it be used inside a jail? Second question: why does an "ifconfig" from inside a jail list every network card present in the host system? Wouldn't it be better if only lo0 and the interface with the jail IP are listed ? I think it will, because it's my personal opinion (please refute me, I can be wrong) that one jail's purpouses is to fool the jail users, making them believe that they are inside a real system. I came to this conclusion reading about security.jail.getfstatroot_only in jail(8). Thank you in advance for your replies. Best Regards --=20 Rionda aka Matteo Riondato GUFI Staff Member (http://www.gufi.org) FreeSBIE Developer (http://www.freesbie.org) BSD-FAQ-it Main Developer (http://www.gufi.org/~rionda) Sent from: kaiser.sig11.org running FreeBSD-6.0-CURRENT --=-jJu8oIZM81uXEI7tXbnm Content-Type: application/pgp-signature; name=signature.asc Content-Description: Questa parte del messaggio =?ISO-8859-1?Q?=E8?= firmata -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (FreeBSD) iD8DBQBBUbj52Mp4pR7Fa+wRAk8MAJ0QA4QT62V087xjhecCPECcU45Q3wCgyFUv YYXhkCv7WeSRYr/p2nHLkNw= =wNlf -----END PGP SIGNATURE----- --=-jJu8oIZM81uXEI7tXbnm--