From: Joseph Koshy <joseph.koshy@gmail.com>
To: Björn König
Cc: Robert Watson, current@freebsd.org
Date: Sun, 5 Feb 2006 21:00:44 +0530
Subject: Re: unprivileged users are able to kill certain jailed processes
Message-ID: <84dead720602050730s3fe89785nf142bc99f41b45ba@mail.gmail.com>
In-Reply-To: <43E616EF.9020704@cs.tu-berlin.de>
References: <43E60708.9000902@cs.tu-berlin.de> <20060205141626.N76666@fledge.watson.org> <43E616EF.9020704@cs.tu-berlin.de>
List-Id: Discussions about the use of FreeBSD-current <freebsd-current@freebsd.org>
bk> That means you have to consider that the host environment
bk> needs to be trustworthy if you use jails, and as long as you
bk> can't guarantee strict isolation of the host environment
bk> from the point of view of unprivileged users, it would be
bk> the wrong way to obscure jails from these users
bk> partially, like I suggested.

On FreeBSD 5 and later there is mac_partition(4). You could
investigate using setpmac(8) to run processes inside the jail
with a different partition label than processes in the host
environment.

--
FreeBSD Volunteer, http://people.freebsd.org/~jkoshy
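The following script is an added illustration of the setpmac(8)/mac_partition(4) approach suggested in the reply above; it is not part of the original thread or of FreeBSD's own tooling. It assumes a FreeBSD host with the mac_partition module available and root privileges for the `run` step; the jail path, hostname, address, login class name and partition numbers are illustrative values. One point the reply leaves implicit: mac_partition(4) constrains only labelled processes, while processes carrying the default partition/none label see everything, so the unprivileged host logins must be placed in a partition of their own (here via a login.conf(5) class) in addition to starting the jail under a different partition label.

```shell
#!/bin/sh
# Added example, not from the original e-mail: hide a jail's processes
# from unprivileged host users with mac_partition(4) and setpmac(8).
# Assumptions: FreeBSD with the mac_partition module, run as root for
# the "run" step; jail parameters and partition numbers are illustrative.
set -eu

HOST_USER_PART=1          # partition for unprivileged host logins (assumed)
JAIL_PART=2               # partition for everything inside the jail (assumed)
JAIL_ROOT=/usr/jails/www  # assumed jail root
JAIL_HOST=www.example.org # assumed jail hostname
JAIL_IP=192.0.2.10        # assumed jail address (TEST-NET-1)

# A process labelled partition/N can only see or signal processes in
# partition N; partition/none (the default) is unconstrained. So the host
# users need a non-zero partition too, not only the jailed processes.
enable_partition_policy() {
    kldstat -q -m mac_partition || kldload mac_partition
    sysctl security.mac.partition.enabled=1
}

# Command line that starts the jail with its initial process labelled
# partition/$1; children inherit the label, so everything /etc/rc starts
# inside the jail ends up in the same partition.
jail_command() {
    printf 'setpmac partition/%s jail %s %s %s /bin/sh /etc/rc' \
        "$1" "$2" "$3" "$4"
}

# login.conf(5) fragment for a class whose members are labelled
# partition/$1 at login (assign users with pw(8), then run cap_mkdb).
host_login_class() {
    printf 'hostuser:\\\n\t:label=partition/%s:\\\n\t:tc=default:\n' "$1"
}

# Verification helper: feed it `ps -ax -o label=,pid=,user=` output
# captured from an unprivileged host session. It prints any process that
# still carries the jail's partition label and returns 0 only if none leaked.
leaked_jail_processes() {
    awk -v want="partition/$1" '$1 == want { print; n++ } END { exit n > 0 }'
}

main() {
    enable_partition_policy
    host_login_class "$HOST_USER_PART" >> /etc/login.conf
    cap_mkdb /etc/login.conf
    eval "$(jail_command "$JAIL_PART" "$JAIL_ROOT" "$JAIL_HOST" "$JAIL_IP")"
}

# Privileged steps only run when invoked as: sh this_script.sh run
case "${1:-}" in
    run) main ;;
esac
```

After the jail is up, log in as a member of the labelled class and run `ps -ax -o label=,pid=,user= | sh this_script.sh` style checks with `leaked_jail_processes 2`; a `kill -0` against a jailed PID from that session should fail with "No such process". Root (partition/none) still sees and can signal everything, which is the trust assumption Björn's quoted paragraph is about.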