Date: Wed, 17 Oct 2001 08:23:09 -0700 (PDT) From: David Oleszkiewicz <davido@labrador.dhs.org> To: =?iso-8859-1?Q?=D8rjan_W_T=F8nder?= <orjan@mirach.no> Cc: <newbies@FreeBSD.ORG> Subject: Re: tested the jail command.... Message-ID: <20011017082041.V3201-100000@labrador.dhs.org> In-Reply-To: <001801c156e2$8c6ebdf0$19101a0a@kurs.sta.itakademiet.no>
next in thread | previous in thread | raw e-mail | index | archive | help
I don't know much about the jails, but i thought the idea was that you make a /var/jail dir and then you chmod 000 it. This means that the application can't write or read any files and especially can't make new ones. my impression was that you run some daemon there that doesn't need to open or close any new files. so the daemon opens the files it needs and then chdir()'s to the jail directory and the idea it that it can't hurt the system in anyway if someone try's to exploit some buffer overflow bug. i'm not sure if some of this applies to what you are trying to do, but it would seem to coincide with things not working or being created. dave To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-newbies" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011017082041.V3201-100000>