From: Steve Wills
Date: Mon, 23 Oct 2017 09:31:42 -0400
To: Allan Jude, Steven Hartland, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r318751 - in head/sys: kern sys

Hi,

On 10/21/2017 18:55, Allan Jude wrote:
> On 2017-10-21 18:45, Steven Hartland wrote:
>> Personally I hate that idea as I like being able to see all the processes
>> from the host.
>>
>> I have a similar hate of Linux containers where you have to jump through
>> hoops just to see what's really happening on the host.
>>
>> On Sat, 21 Oct 2017 at 20:29, Allan Jude
>
> Note: this does NOT change root's ability to see the processes in the jail.
>
> It just stops uid 1001 on the host, from using the processes owned by uid
> 1001 in each jail, even in the presence of: security.bsd.see_other_uids=0
>

I think we'd be doing our users a service by enabling this by default and avoiding the potential foot-shooting. I'd even be happy if we set the other security.bsd.see_other_* to 0 by default. Or at least change the installer to default that way (if it doesn't already? I'm not sure). Personally, I'm going to do that locally anyway so if we don't do those things, I won't be upset, but saddened for our users' sake.

Note too that security.bsd.see_jail_proc is partially a workaround for the fact that security.bsd.see_other_* doesn't work as you might expect. It's literally the UID/GID, rather than the username, so security.bsd.see_other_* has no idea that the users in the jail are not the same users on the host, which is unexpected and counter-intuitive at best and dangerous at worst. (Even if that were changed, security.bsd.see_jail_proc is still useful for the potential scenario where you don't want/need to set security.bsd.see_other_* but don't want users to see processes in jails.)

Steve
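
The UID collision described in the last paragraph of this message, as an added example that is not part of the original message and is not FreeBSD kernel code: a simplified user-space model of how a numeric-UID comparison lets uid 1001 on the host see uid 1001 in a jail, and how security.bsd.see_jail_proc=0 closes that gap. The struct and function names, jail number 3, the omission of GID checks and nested jails, and the blanket root exemption are assumptions of the model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model (not FreeBSD kernel code) of the checks
 * discussed in this thread. jail 0 stands for the host. */
struct cred { unsigned uid; int jail; };
struct policy { bool see_other_uids; bool see_jail_proc; };

/* Returns true when `viewer` may see a process owned by `target`. */
static bool can_see(struct policy p, struct cred viewer, struct cred target)
{
    /* A jailed viewer never sees outside its own jail (nested jails ignored). */
    if (viewer.jail != 0 && viewer.jail != target.jail)
        return false;
    /* Assumption of this model: root is exempt from both sysctl limits. */
    if (viewer.uid == 0)
        return true;
    /* see_other_uids=0 compares numeric UIDs only; it knows nothing of jails. */
    if (!p.see_other_uids && viewer.uid != target.uid)
        return false;
    /* see_jail_proc=0 hides processes that live in a different jail. */
    if (!p.see_jail_proc && viewer.jail != target.jail)
        return false;
    return true;
}

int main(void)
{
    /* Constructed sample credentials. */
    struct cred host_user = { 1001, 0 };   /* uid 1001 on the host */
    struct cred jail_user = { 1001, 3 };   /* unrelated uid 1001 in jail 3 */
    struct cred host_root = { 0, 0 };
    struct policy uids_only = { false, true };   /* see_other_uids=0 */
    struct policy both      = { false, false };  /* plus see_jail_proc=0 */

    printf("see_other_uids=0 only: host 1001 sees jail 1001: %d\n",
           can_see(uids_only, host_user, jail_user));
    printf("plus see_jail_proc=0:  host 1001 sees jail 1001: %d\n",
           can_see(both, host_user, jail_user));
    printf("plus see_jail_proc=0:  host root sees jail 1001: %d\n",
           can_see(both, host_root, jail_user));
    return 0;
}
```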