From owner-freebsd-hackers@FreeBSD.ORG Sun May 28 21:33:07 2006 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EB24D16CFE6 for ; Sun, 28 May 2006 21:27:04 +0000 (UTC) (envelope-from V.Haisman@sh.cvut.cz) Received: from service.sh.cvut.cz (service.sh.cvut.cz [147.32.127.214]) by mx1.FreeBSD.org (Postfix) with ESMTP id AFAAC43D4C for ; Sun, 28 May 2006 21:27:03 +0000 (GMT) (envelope-from V.Haisman@sh.cvut.cz) Received: from localhost (localhost [127.0.0.1]) by service.sh.cvut.cz (Postfix) with ESMTP id D62261A32E6; Sun, 28 May 2006 23:27:01 +0200 (CEST) Received: from service.sh.cvut.cz ([127.0.0.1]) by localhost (service [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 03884-02; Sun, 28 May 2006 23:26:58 +0200 (CEST) Received: from logout.sh.cvut.cz (logout.sh.cvut.cz [147.32.127.203]) by service.sh.cvut.cz (Postfix) with ESMTP id B89C41A32E5; Sun, 28 May 2006 23:26:58 +0200 (CEST) Received: from [192.168.1.2] (localhost [127.0.0.1]) by logout.sh.cvut.cz (Postfix) with ESMTP id EE72761C63; Sun, 28 May 2006 23:26:57 +0200 (CEST) Message-ID: <447A1598.2080401@sh.cvut.cz> Date: Sun, 28 May 2006 23:26:48 +0200 From: =?UTF-8?B?VsOhY2xhdiBIYWlzbWFu?= User-Agent: Thunderbird 1.5.0.2 (Windows/20060308) MIME-Version: 1.0 To: Anatoli Klassen References: <4479A99E.8080708@aksoft.net> In-Reply-To: <4479A99E.8080708@aksoft.net> X-Enigmail-Version: 0.94.0.0 OpenPGP: id=733031B4 Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAMFBMVEUnMzWJm5S+0864pn5r blp/hnW2up7X7uqftbNRVUrW1LGBdGfHwJqPi3ScoYtBQzhDxGEwAAAAB3RJTUUH1QoQDDgyQtx8 HQAAAkNJREFUeJzFU0toU0EUPYu66CpGdCUUmoUJkpUDQUoNBVEUrBJsq1Ki2EIKIUZ8mydBhYi0 wVUXJVCLCrFN4DIEQdxIqdBIFsMkWD9YJClCRGKjJaviynjfe8RPogtXPcObuXPOPXd+PHj+Aeyo QNmobGLXVeANGM+GsP0B2yqHHNVoCD2LwLglVGZx7yXSlADR0uZu9C4Bpy3hUxPvH/cuUw6UoPCL h64I8KAJuMpwRU8uUMJy0OIpHVeXmulZoCc/t0LlTbJLEY1EudPRcnVjgAP5Osdl4K5HVP4+2bAI okaUA0Iq6Q59+Zy2eMWN6EpFTsa3+uD1+JKj4TPHuYTSMaLScLAaqk94YJqG4ds30hojOVgYoNJc NTztNU2TBYbhu9Aafnq08ORja37da1NwBrN/b7NVEc+b8yecuYkp08vNvLYneVZRaSH1vS0UnfHm OUPzWaZufHPmCWSdWrfeGVQQKmcsO4If8pAdXJ/xF4QQAeOVY1AQQcfirwkLUWeWVTgi6vaGt2xe BGzBEIMQorru8RxgPqY1V6uxYnwVBRZEI1ytCm3dE8mC2DgcbzCJGHdBEVDKuWDSwsrSGoqzJmNt 2jJpNueIH0qS8/0JrDKnVBdvOzIsdVr4zaX9dn9xcLLKdCtQGfutVacLE9Ja+yfbDvO4aMWrklfK /JYv15C8Kw9S10kup5Bys0N1bLdcn4HvTl/Xlh6Fpllwj5/XpH9BUXn/ym0Dvv7Rt2MywojpYiSi i7Hsscaa19zZ//y/hR+BT/ns80nmJAAAAABJRU5ErkJggg== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig5DDBA4ABE3091A88C720C5F6" X-Virus-Scanned: by amavisd-new at sh.cvut.cz X-Spam-Status: No, hits=-5.9 tagged_above=-255.0 required=5.0 tests=ALL_TRUSTED, BAYES_00 X-Spam-Level: Cc: freebsd-hackers@freebsd.org Subject: Re: security.bsd.see_other_uids for jails X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 May 2006 21:33:12 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig5DDBA4ABE3091A88C720C5F6 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Anatoli Klassen wrote: > Hi All, >=20 > if security.bsd.see_other_uids is set to 0, users from the main system > can still see processes from jails if they have (by accident) the save = uid. >=20 > For me it's wrong behavior because the main system and the jail are two= > different systems where uids are independent. >=20 > Could somebody explain the case? >=20 > Regards, > Anatoli What about mac_partition? Not that I have tried it. It just seems it could be what you want. -- VH --------------enig5DDBA4ABE3091A88C720C5F6 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEVAwUBRHoVoW56zbtzMDG0AQLeHgf8Cj0f0w1MyDHimRcE9o8f9qYoXZOvZeFD L8SKzG+KvrLSDdzRguj151OCksL9W+Zu3Jbl2ZIMvszxcdwBKkn0fdFln02sd+HA POd+CqntnFFTHVHGhtCFxwXbFT8yNGPQeimVvDp0Ta1DeuxowZO9hzhR+qgqbz2G F3fwieuDhZOVbMZefbUd/mYclqPoM/fP+dkvRN2zb3YhFPGVBJPsekHdpHgPkqYk rV3FA3izs7ZdEwvrhggVSlK+bzetalzPS0g9T4EKEseVUVT35cejLqnacWviViL5 7nx5PrDhfCKJDKlvl+zz3dygNm6Q3xCVVle6jUlGAQMd4+CN+qZvHg== =A4ER -----END PGP SIGNATURE----- --------------enig5DDBA4ABE3091A88C720C5F6--