From: Daichi GOTO
Date: Thu, 01 Jun 2006 16:54:14 +0900
To: André Braga
Cc: ozawa@ongs.co.jp, dkirhlarov@oilspace.com, freebsd-hackers@freebsd.org, Dag-Erling Smørgrav, Daichi GOTO, freebsd-fs@freebsd.org, freebsd-current@freebsd.org, kris@obsecurity.org, Alexander Leidinger
Subject: Re: [ANN] unionfs patchset-13 release
List-Id: Discussions about the use of FreeBSD-current

André Braga wrote:
> A post scriptum to the original message:
> The buggy behaviour won't affect the host system, but the jail could
> well be compromised. I also have this feeling that ACLs also aren't
> respected inside jails or can be overwritten as easily as shown below
>
> Thanks,
> André

For all folks who have deep consideration of FS:
We do not know MAC and ACL well. If someone knows those well,
please teach us. Does MAC have information on schg of chflags?

For all folks who have deep consideration of FS, part 2:
Yeah, it is possible to make a capability for setting the ACL and MAC
information to the upper layer of the unionfs. With that, we must
consider the policy of what information should be copied to the shadow
file when it makes the shadow file. Without the policy, we cannot make it.
We want to know your opinions if you have deep consideration of it.
What do you make of it?

-- 
Daichi GOTO, http://people.freebsd.org/~daichi