From: Peter Jeremy
Date: Sun, 25 Nov 2007 08:21:43 +1100
To: Gabor Tjong A Hung
Cc: freebsd-hackers@freebsd.org
Subject: Re: Need for SysV IPC to be confined to jail instances

On Sat, Nov 24, 2007 at 12:11:18PM +0100, Gabor Tjong A Hung wrote:
>As I came to understand, if you enable jail_sysvipc_allow in rc.conf I am
>defeating the purpose of a jail.

Not totally defeating the purpose but SysV IPC is not jail-aware so
any jailed process can see and affect the global SysV IPC state.

>I got a suggestion that it might be possible to have sys v ipc confined to
>a jail instance and perhaps let it work like a telephone number.

This has come up before.  See (eg):
http://www.freebsd.org/cgi/query-pr.cgi?pr=48471
and the thread beginning
http://lists.freebsd.org/pipermail/freebsd-current/2006-April/062261.html

-- 
Peter Jeremy
Please excuse any delays as the result of my ISP's inability to implement
an MTA that is either RFC2821-compliant or matches their claimed behaviour.
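
The point made in the reply above, that SysV IPC objects sit in one global table with no jail component, shown as an added example (not part of the original message): a shared memory segment is found by its numeric key and checked only against uid and mode bits. The key `DEMO_KEY`, the function name and the forked child standing in for a process in a second jail are assumptions made for the illustration.

```c
#include <string.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed key for this demo ("JAIL" in ASCII). A SysV key is just a
 * number in one system-wide table; nothing in it names a jail. */
#define DEMO_KEY ((key_t)0x4a41494c)

/* Returns 1 if a second process reached and changed the segment knowing only
 * the key, 0 if it could not, -1 if the demo could not be set up. */
int segment_reachable_by_key(void)
{
    int id = shmget(DEMO_KEY, 4096, IPC_CREAT | IPC_EXCL | 0600);
    if (id < 0)
        return -1;
    char *mem = shmat(id, NULL, 0);
    if (mem == (char *)-1) {
        shmctl(id, IPC_RMID, NULL);
        return -1;
    }
    strcpy(mem, "owner data");

    pid_t pid = fork();
    if (pid == 0) {
        /* Assumption: the child stands in for a process in another jail. It
         * drops the inherited mapping and finds the segment by key alone. */
        shmdt(mem);
        int cid = shmget(DEMO_KEY, 0, 0);
        char *cmem = (cid < 0) ? (char *)-1 : (char *)shmat(cid, NULL, 0);
        if (cmem == (char *)-1)
            _exit(1);
        strcpy(cmem, "overwritten");
        _exit(0);
    }
    int status = 0, changed = 0;
    if (pid > 0 && waitpid(pid, &status, 0) == pid)
        changed = WIFEXITED(status) && WEXITSTATUS(status) == 0 &&
                  strcmp(mem, "overwritten") == 0;
    shmdt(mem);
    shmctl(id, IPC_RMID, NULL);   /* always remove the demo segment */
    return pid < 0 ? -1 : changed;
}

int main(void)
{
    return segment_reachable_by_key() == 1 ? 0 : 1;
}
```

The only barrier the lookup applies is the 0600 mode and owning uid, so where SysV IPC is enabled for jails, separating them by uid is what limits this kind of cross-jail access.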