Date: Wed, 22 Dec 2010 19:41:15 -0800 From: "Jason C. Wells" <jcw@speakeasy.net> To: "Chad Leigh -- Shire.Net LLC" <chad@shire.net> Cc: freebsd general questions <freebsd-questions@freebsd.org> Subject: Re: Nullfs Allows Jailbreaking Message-ID: <4D12C4DB.9060003@speakeasy.net> In-Reply-To: <09452D14-1133-4282-ACF3-648D6607644A@shire.net> References: <4D12BA51.2010602@speakeasy.net> <09452D14-1133-4282-ACF3-648D6607644A@shire.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/22/10 19:00, Chad Leigh -- Shire.Net LLC wrote: > I have been doing this for years with great success. I don't understand your question. How does it look like everything is read only from inside the jail? The fact that a "df" only shows the root filesystem and not all your others file systems? (assuming that is still the truth -- my jails do this on older FBSD systems Your report of great success is encouraging. I've never done this and sometimes you don't see the full consequences when you haven't done something before. I think you understand my question. It's the fact that mount(8) report read only. If you looked at that, you would conclude that you had no write access at all. Well, I set up the jail, so I can see behind the curtain. A downstream user that never saw behind the curtain wouldn't know where they could write a file unless they simply guessed. That is why I asked about jailbreaking. There is information crossing the jail in a mysterious way. The jail reports that everything under root is read only, but the jail can still see the read-writeness of the invisible (to mount) null filesystems. From the sound of it, this is expected behavior. Regards, Jason C. Wells
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4D12C4DB.9060003>