From: Chris Rees
Date: Mon, 21 May 2012 21:23:17 +0100
To: Poul-Henning Kamp
Cc: freebsd-hackers@freebsd.org, freebsd-jail@freebsd.org, David Windsor
Subject: Re: PID/UID namespaces
In-Reply-To: <39149.1337630268@critter.freebsd.dk>
List-Id: "Discussion about FreeBSD jail(8)"

On 21 May 2012 20:57, Poul-Henning Kamp wrote:
> In message
> , Chris Rees writes:
>
>>It would certainly prevent many common problems when setting up jails;
>>UID collision is much more common than you'd think, given that the
>>default UIDs remain the same.
>
> Uhm... jails have separate UID/GID spaces.
>
> Filesystems mounted or visible in multiple jails act as shared UID/GID
> (sub-)spaces for those jails, but there is no way to avoid that, it's
> a direct consequence of the sharing of the filesystems.

Yes, beg pardon, my mistake-- that's what I was meaning to refer to.

I still have a patch in GNATS for the docs about that, but it's been
the subject of amazing controversy.

Chris
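
The shared-filesystem UID overlap discussed in this thread can be audited before a filesystem is exposed to more than one jail. The following is an added example, not part of the original message: it compares passwd(5)-format files from several jails and reports numeric UIDs that resolve to different login names. The jail names and passwd contents are constructed sample data.

```python
# Added example (not from the thread): find UIDs that mean different users
# in different jails, which matters once those jails share a filesystem.

def parse_passwd(text):
    """Map uid -> set of login names from passwd(5)-format text."""
    by_uid = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4 or not fields[2].isdigit():
            continue  # malformed entry: skip rather than guess
        by_uid.setdefault(int(fields[2]), set()).add(fields[0])
    return by_uid


def uid_collisions(jails):
    """Return {uid: {jail: [names]}} for UIDs whose names differ between jails."""
    merged = {}
    for jail, text in jails.items():
        for uid, names in parse_passwd(text).items():
            merged.setdefault(uid, {})[jail] = sorted(names)
    return {
        uid: per_jail
        for uid, per_jail in sorted(merged.items())
        if len(per_jail) > 1 and len({tuple(n) for n in per_jail.values()}) > 1
    }


# Constructed sample data: two jails created from the same base system,
# each with one locally added account that received the first free UID.
BASE = """# constructed sample
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
"""
WWW_PASSWD = BASE + "webapp:*:1001:1001:Web app:/home/webapp:/bin/sh\n"
DB_PASSWD = BASE + "pgadmin:*:1001:1001:DB admin:/home/pgadmin:/bin/sh\n"

if __name__ == "__main__":
    found = uid_collisions({"www": WWW_PASSWD, "db": DB_PASSWD})
    for uid, per_jail in found.items():
        owners = ", ".join(f"{j}={'/'.join(n)}" for j, n in per_jail.items())
        print(f"uid {uid}: {owners}")
```

Files owned by UID 1001 on a filesystem visible in both sample jails would be writable by `webapp` in one and `pgadmin` in the other; the base-system accounts match and are not reported.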