From: Andrey Groshev
Date: Thu, 08 Oct 2009 10:49:10 +0400
To: Menshikov Konstantin
Cc: freebsd-jail@freebsd.org
Subject: Re: how to make the jail safe for the parent system?

Hi,

About the "&", I was wondering where to attach it. :)
Yes, it works correctly this way.
This bug lies on the surface, yet I cannot find a PR either.
What do you think, maybe write one?

Menshikov Konstantin wrote:
> Andrey Groshev wrote:
>> Hi, All!
>>
>> I understand that this is not an entirely normal question, but...
>>
>> There is me and my server.
>> There is also another person, responsible for the web on the server.
>> Periodically he wants me to install some software, but in my
>> view this software is bad or unnecessary.
>> I wish to make a jail for him and his software.
>> To give this person complete access to it and let him do whatever he wants.
>> But if wrong start scripts are created in the jail, then the parent
>> system cannot finish starting up either.
>> For example: in the jail, write /bin/sh in /etc/rc.local
>> And everything that starts after this jail will not get control.
>>
>> Question: how to avoid it?
>>
>>
> Hi.
> I think that this is a bug in the /etc/rc.d/jail script.
> You can fix /etc/rc.d/jail
> 626 run_rc_command "${cmd}" &
> 627 sleep 5
> instead of
> 626 run_rc_command "${cmd}"
> This works.
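
Added example, not written by either poster and not FreeBSD's rc.d/jail code: a POSIX sh helper that bounds how long a start command may hold the caller, as an alternative to the fixed `&` plus `sleep 5` quoted above. The function name `start_bounded` and the exit code 124 on timeout are assumptions of this example.

```shell
#!/bin/sh
# Added illustration: run a start command, but never let it block the
# caller (here: the host's boot sequence) for more than TIMEOUT seconds.
#
# start_bounded TIMEOUT CMD [ARGS...]
#   returns CMD's own exit status if it finishes within TIMEOUT seconds,
#   returns 124 (assumed convention) after terminating it otherwise.
#
# Hypothetical use inside an rc script (assumption, not the shipped script):
#   start_bounded 30 run_rc_command "${cmd}"
start_bounded() {
    sb_timeout=$1
    shift

    # Background the command with stdin on /dev/null so it cannot read
    # from the caller's stdin (the situation with /bin/sh in rc.local).
    "$@" </dev/null &
    sb_pid=$!
    sb_elapsed=0

    # Poll once per second until the child is gone or the budget is spent.
    while kill -0 "$sb_pid" 2>/dev/null; do
        if [ "$sb_elapsed" -ge "$sb_timeout" ]; then
            # Ask politely first, then force. Only the direct child is
            # signalled; processes it already spawned must be cleaned up
            # separately (for a jail, by stopping the jail itself).
            kill -TERM "$sb_pid" 2>/dev/null || true
            sleep 1
            kill -KILL "$sb_pid" 2>/dev/null || true
            wait "$sb_pid" 2>/dev/null || true
            return 124
        fi
        sleep 1
        sb_elapsed=$((sb_elapsed + 1))
    done

    # Child finished on its own: hand its exit status back to the caller.
    wait "$sb_pid"
}
```

Unlike an unconditional `sleep 5`, the caller continues as soon as the command finishes and can log or act on a 124 result when a jail's start scripts hang.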