Date: Tue, 24 Nov 2015 13:00:58 +0300
From: Sergey Zakharchenko <doublef.mobile@gmail.com>
To: freebsd-jail@freebsd.org
Subject: Jail nullfs mount information visibility [redirected from secteam@]
Message-ID: <CADYCxoMbj7c5EyqvabUptZHjra4k_PEVZ8HckcAiAAtt=unjVA@mail.gmail.com>

Hello,

I doubt this is an issue at all, but how some of the information hiding in jails works seemed a bit illogical. FreeBSD seems to be trying to hide nullfs mounts inside jails from the jailed processes, but it isn't very good or consistent at it. For example (inside the jail, which has a nullfs mount /path/outside/of/jail -> /path/inside/jail/to/nullfs/mount):

    # df
    Filesystem 512-blocks Used Avail Capacity Mounted on
    whatever/is/jails/root/dev ... ... ... ...% /

OK, I can understand this (no nullfs mounts show up), but I don't get the following:

    # df /path/inside/jail/to/nullfs/mount/and/deeper
    Filesystem 512-blocks Used Avail Capacity Mounted on
    /path/outside/of/jail ... ... ... ...% [restricted]

Why would you hide the target of the mount point (which I supposedly know, since I need it to issue the df command), but expose the source (/path/outside/of/jail)? Shouldn't it be the other way around?

    # uname -a
    FreeBSD e40a1050f614 10.2-RELEASE FreeBSD 10.2-RELEASE #0 r286666: Wed Aug 12 15:26:37 UTC 2015 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64

Best regards,

--
DoubleF