Date: Sun, 28 Oct 2007 17:00:02 GMT
Message-Id: <200710281700.l9SH02Ls010154@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: "Simon L. Nielsen"
Subject: Re: conf/117577: rc.d/jail doesn't resolve symlinks

The following reply was made to PR conf/117577; it has been noted by GNATS.

From: "Simon L. Nielsen"
To: Johan Granath
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: conf/117577: rc.d/jail doesn't resolve symlinks
Date: Sun, 28 Oct 2007 17:32:58 +0100

On 2007.10.27 22:17:00 +0000, Johan Granath wrote:
> When setting the jail_jailname_rootdir to a path that contains
> symlinks, the rc.d/jail script has problems mounting mount_devfs on
> that path, obviously. To solve the issue you have to put the
> absolute path to that rcvar.

This is a known limitation. It sucks but so far nobody has been able
to / cared enough to come up with a patch which handles the symlinks
in a secure manner. See
http://security.freebsd.org/advisories/FreeBSD-SA-07:01.jail.asc for
details.

> In my opinion the rc.d/jail script should handle this, so I made a patch.

There wasn't a patch attached to the PR?

--
Simon L. Nielsen
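
A configuration-time check for the workaround discussed above, as an added example that is not part of the original message or of rc.d/jail: it reports the first symlinked component of a candidate jail_jailname_rootdir value and the physical path to put in the rcvar instead. The function names are hypothetical, and checking the path once before it goes into rc.conf is an assumption of this example; it is not the in-script symlink handling the reply says is still missing.

```sh
#!/bin/sh
# Added example: helper names are hypothetical, not part of rc.d/jail.

# Print the first component of absolute path $1 that is a symbolic link.
# Returns 0 if one was found, 1 if no component is a symlink.
first_symlink_component() {
    _rest=${1#/}
    _cur=
    while [ -n "$_rest" ]; do
        _part=${_rest%%/*}
        case $_rest in
            */*) _rest=${_rest#*/} ;;
            *)   _rest= ;;
        esac
        [ -z "$_part" ] && continue    # skip empty components such as "//"
        _cur=$_cur/$_part
        if [ -L "$_cur" ]; then
            printf '%s\n' "$_cur"
            return 0
        fi
    done
    return 1
}

# Print the physical (symlink-free) path of directory $1.
# Runs in a subshell so the caller's working directory is unchanged.
physical_path() {
    ( cd -P "$1" 2>/dev/null && pwd -P )
}

# Check a candidate rootdir value. Returns 0 if it can be used as is,
# 1 if it passes through a symlink, 2 if it is not an absolute directory.
check_jail_rootdir() {
    case $1 in
        /*) ;;
        *)  echo "error: $1 is not an absolute path"; return 2 ;;
    esac
    [ -d "$1" ] || { echo "error: $1 is not a directory"; return 2; }
    if _link=$(first_symlink_component "$1"); then
        echo "symlink: $_link; use $(physical_path "$1") instead"
        return 1
    fi
    echo "ok: $1"
}
```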