From owner-freebsd-arch Sat May 4 11: 0:11 2002 Delivered-To: freebsd-arch@freebsd.org Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163]) by hub.freebsd.org (Postfix) with ESMTP id 98F1C37B41B for ; Sat, 4 May 2002 11:00:03 -0700 (PDT) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.12.2/8.12.2) with ESMTP id g44HxXQ4038215; Sat, 4 May 2002 19:59:37 +0200 (CEST) (envelope-from phk@critter.freebsd.dk) To: Dmitry Cc: arch@FreeBSD.ORG Subject: Re: df(1) Broken in jail(8) In-Reply-To: Your message of "Sat, 04 May 2002 21:30:08 +0400." <20020504173008.GA92411@haali.cs.msu.ru> Date: Sat, 04 May 2002 19:59:33 +0200 Message-ID: <38214.1020535173@critter.freebsd.dk> From: Poul-Henning Kamp Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In message <20020504173008.GA92411@haali.cs.msu.ru>, Dmitry writes: >Actually I think the only good idea is to prevent jailed users from >getting any info about host with his jail. This has never been a design-goal of jail so far. >3) Jailed user must not have a way to find out he is in jail. Hmm, > seems it is too hard for now :) This is impossible. All he has to do is try one of the operations jails don't allow and he will know. Jails are not virtual machines. If you want to do true virtual machines, then you should do that instead of hacking on jail. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message