From: Menshikov Konstantin
Date: Wed, 07 Oct 2009 18:50:31 +0400
To: Andrey Groshev
Cc: freebsd-jail@freebsd.org
Subject: Re: how to make the jail safe for the parent system?

Andrey Groshev wrote:
> Hi, All!
>
> I understand that this is not an entirely normal question, but...
>
> There is me and my server.
> There is also another person, who is responsible for the web on the server.
> Periodically he wants me to install some software, but in my
> view this software is bad or unnecessary.
> I wish to make a jail for him and his software,
> and give this person complete access to it, to let him do whatever he wants.
> But if wrong start scripts are created in the jail, then the parent system
> cannot finish starting up either.
> For example: in the jail, write /bin/sh in /etc/rc.local
> and everything that starts after this jail will not get control.
>
> Question: how can this be avoided?
>
>
Hi.
I think that this is a bug in the /etc/rc.d/jail script.
You can fix /etc/rc.d/jail:

626 run_rc_command "${cmd}" &
627 sleep 5

instead of

626 run_rc_command "${cmd}"

This works.
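
The blocking-start problem discussed in this thread, as an added example that is not part of the original message or of the FreeBSD rc scripts: a start-up command is run in the background and waited on for a bounded time, so one stuck jail cannot hold up whatever the host starts next. The function names, the 124 status and the "web"/"db" jails are assumptions made for the illustration, and `sleep 30` and `true` are constructed stand-ins for real jail start commands.

```sh
#!/bin/sh
# Added example. Constructed stand-ins: "sleep 30" plays the jail whose
# /etc/rc.local runs /bin/sh and never returns; "true" plays a healthy jail.

# start_bounded LIMIT CMD [ARG...]
# Run CMD in the background and wait at most LIMIT seconds for it.
# Returns CMD's exit status, or 124 if it was still running at the limit.
start_bounded() {
    sb_limit=$1; shift
    "$@" &
    sb_pid=$!
    sb_waited=0
    while kill -0 "$sb_pid" 2>/dev/null; do
        if [ "$sb_waited" -ge "$sb_limit" ]; then
            # Unlike the plain "& sleep 5" change, stop the stuck command
            # so nothing is left behind when this demo exits.
            kill -TERM "$sb_pid" 2>/dev/null || true
            wait "$sb_pid" 2>/dev/null || true
            return 124
        fi
        sleep 1
        sb_waited=$((sb_waited + 1))
    done
    wait "$sb_pid"
}

# start_all LIMIT: start the constructed jails "web" and "db" in order and
# print one "name=status" pair per jail, e.g. "web=124 db=0".
start_all() {
    sa_limit=$1; sa_summary=
    for sa_jail in web db; do
        case $sa_jail in
            web) set -- sleep 30 ;;   # blocks, like an interactive shell
            db)  set -- true ;;       # returns at once
        esac
        sa_rc=0
        start_bounded "$sa_limit" "$@" || sa_rc=$?
        sa_summary="$sa_summary$sa_jail=$sa_rc "
    done
    printf '%s\n' "${sa_summary% }"
}

start_all 2
```

The second jail is reached after about two seconds even though the first never finishes; a status of 124 in the summary marks the jail whose start-up scripts need attention.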