From owner-freebsd-questions@FreeBSD.ORG  Thu Dec 23 03:41:17 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 00AB4106566B
	for <freebsd-questions@freebsd.org>;
	Thu, 23 Dec 2010 03:41:17 +0000 (UTC)
	(envelope-from jcw@speakeasy.net)
Received: from mail3.sea5.speakeasy.net (mail3.sea5.speakeasy.net
	[69.17.117.42]) by mx1.freebsd.org (Postfix) with ESMTP id D18848FC14
	for <freebsd-questions@freebsd.org>;
	Thu, 23 Dec 2010 03:41:16 +0000 (UTC)
Received: (qmail 384 invoked from network); 23 Dec 2010 03:41:16 -0000
Received: from s6.stradamotorsports.com (HELO w16.stradamotorsports.com)
	(jcw@[64.81.163.124]) (envelope-sender <jcw@speakeasy.net>)
	by mail3.sea5.speakeasy.net (qmail-ldap-1.03) with SMTP
	for <chad@shire.net>; 23 Dec 2010 03:41:16 -0000
Message-ID: <4D12C4DB.9060003@speakeasy.net>
Date: Wed, 22 Dec 2010 19:41:15 -0800
From: "Jason C. Wells" <jcw@speakeasy.net>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US;
	rv:1.9.1.10) Gecko/20100808 Lightning/1.0b1 Thunderbird/3.0.5
MIME-Version: 1.0
To: "Chad Leigh -- Shire.Net LLC" <chad@shire.net>
References: <4D12BA51.2010602@speakeasy.net>
	<09452D14-1133-4282-ACF3-648D6607644A@shire.net>
In-Reply-To: <09452D14-1133-4282-ACF3-648D6607644A@shire.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd general questions <freebsd-questions@freebsd.org>
Subject: Re: Nullfs Allows Jailbreaking
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Dec 2010 03:41:17 -0000

On 12/22/10 19:00, Chad Leigh -- Shire.Net LLC wrote:
> I have been doing this for years with great success.   I don't understand your question.   How does it look like everything is read only from inside the jail?  The fact that a "df" only shows the root filesystem and not all your others file systems? (assuming that is still the truth -- my jails do this on older FBSD systems
Your report of great success is encouraging.  I've never done this and 
sometimes you don't see the full consequences when you haven't done 
something before.

I think you understand my question.  It's the fact that mount(8) report 
read only. If you looked at that, you would conclude that you had no 
write access at all.  Well, I set up the jail, so I can see behind the 
curtain.  A downstream user that never saw behind the curtain wouldn't 
know where they could write a file unless they simply guessed.

That is why I asked about jailbreaking.  There is information crossing 
the jail in a mysterious way.  The jail reports that everything under 
root is read only, but the jail can still see the read-writeness of the 
invisible (to mount) null filesystems.

 From the sound of it, this is expected behavior.

Regards,
Jason C. Wells