Date: Mon, 27 Apr 2009 20:38:27 +0000 (UTC) From: Christian Brueffer <brueffer@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r191598 - in releng/7.2: usr.bin/cpuset usr.sbin/jail Message-ID: <200904272038.n3RKcRhS026263@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: brueffer Date: Mon Apr 27 20:38:27 2009 New Revision: 191598 URL: http://svn.freebsd.org/changeset/base/191598 Log: Document an issue of jail(8) in conjunction with cpuset(1). Problem reported by: Miroslav Lachman <000.fbsd@quip.cz> Reviewed by: bz Approved by: re (kib) Modified: releng/7.2/usr.bin/cpuset/cpuset.1 releng/7.2/usr.sbin/jail/jail.8 Modified: releng/7.2/usr.bin/cpuset/cpuset.1 ============================================================================== --- releng/7.2/usr.bin/cpuset/cpuset.1 Mon Apr 27 20:23:22 2009 (r191597) +++ releng/7.2/usr.bin/cpuset/cpuset.1 Mon Apr 27 20:38:27 2009 (r191598) @@ -177,3 +177,9 @@ command first appeared in .Fx 7.1 . .Sh AUTHORS .An Jeffrey Roberson Aq jeff@FreeBSD.org +.Sh BUGS +At the moment it is possible for a superuser inside a +.Xr jail 8 +to modify the root +.Xr cpuset 2 +of that jail. Modified: releng/7.2/usr.sbin/jail/jail.8 ============================================================================== --- releng/7.2/usr.sbin/jail/jail.8 Mon Apr 27 20:23:22 2009 (r191597) +++ releng/7.2/usr.sbin/jail/jail.8 Mon Apr 27 20:38:27 2009 (r191598) @@ -699,3 +699,9 @@ Currently, the simplest answer is to min offered on the host, possibly limiting it to services offered from .Xr inetd 8 which is easily configurable. +.Pp +At the moment it is possible for a superuser inside a +.Nm +to modify the root +.Xr cpuset 2 +of that jail.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200904272038.n3RKcRhS026263>