From owner-freebsd-jail@FreeBSD.ORG  Mon May 21 19:57:51 2012
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 35BD8106566C;
	Mon, 21 May 2012 19:57:51 +0000 (UTC)
	(envelope-from phk@phk.freebsd.dk)
Received: from phk.freebsd.dk (phk.freebsd.dk [130.225.244.222])
	by mx1.freebsd.org (Postfix) with ESMTP id A63638FC15;
	Mon, 21 May 2012 19:57:50 +0000 (UTC)
Received: from critter.freebsd.dk (critter.freebsd.dk [192.168.61.3])
	by phk.freebsd.dk (Postfix) with ESMTP id 64FEB13F36;
	Mon, 21 May 2012 19:57:48 +0000 (UTC)
Received: from critter.freebsd.dk (localhost [127.0.0.1])
	by critter.freebsd.dk (8.14.5/8.14.5) with ESMTP id q4LJvmKt039150;
	Mon, 21 May 2012 19:57:48 GMT (envelope-from phk@phk.freebsd.dk)
To: Chris Rees <crees@FreeBSD.org>
From: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
In-Reply-To: Your message of "Mon, 21 May 2012 20:26:15 +0100."
	<CADLo838voV_Xi+A_WjD3H7E_d4Qi+OdJYnHPoim5BbZAWnXFyg@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Date: Mon, 21 May 2012 19:57:48 +0000
Message-ID: <39149.1337630268@critter.freebsd.dk>
Cc: freebsd-hackers@FreeBSD.org, freebsd-jail@FreeBSD.org,
	David Windsor <dwindsor@gmail.com>
Subject: Re: PID/UID namespaces
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
	<mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
	<mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 21 May 2012 19:57:51 -0000

In message <CADLo838voV_Xi+A_WjD3H7E_d4Qi+OdJYnHPoim5BbZAWnXFyg@mail.gmail.com>
, Chris Rees writes:

>It would certainly prevent many common problems when setting up jails;
>UID collision is much more common than you'd think, given that the
>default UIDs remain the same.

Uhm... jails have separate UID/GID spaces.

Filesystems mounted or visible in multiple jails act as shared UID/GID
(sub-)spaces for those jails, but there is now way to avoid that, it's
a direct consequence of the sharing of the filesystems.


-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.