From owner-freebsd-stable@FreeBSD.ORG  Sat May  5 13:43:47 2007
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: stable@freebsd.org
Delivered-To: freebsd-stable@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 543DE16A402
	for <stable@freebsd.org>; Sat,  5 May 2007 13:43:47 +0000 (UTC)
	(envelope-from list@manuelmartini.it)
Received: from freebsd.manuelmartini.it (freebsd.manuelmartini.it
	[88.198.86.219])
	by mx1.freebsd.org (Postfix) with ESMTP id A4C3713C45B
	for <stable@freebsd.org>; Sat,  5 May 2007 13:43:46 +0000 (UTC)
	(envelope-from list@manuelmartini.it)
Received: (qmail 70942 invoked from network); 5 May 2007 15:17:04 +0200
Received: from unknown (HELO ?1.1.1.10?) (62.101.64.91)
	by freebsd.manuelmartini.it with AES128-SHA encrypted SMTP;
	5 May 2007 15:17:04 +0200
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Transfer-Encoding: 7bit
Message-Id: <182867A9-ED5E-496B-980A-B70C4E90B836@manuelmartini.it>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
To: stable@freebsd.org
From: Manuel Martini <list@manuelmartini.it>
Date: Sat, 5 May 2007 15:16:59 +0200
X-Mailer: Apple Mail (2.752.3)
Cc: 
Subject: gmirror security problem on jail env?
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 05 May 2007 13:43:47 -0000


# uname -a
FreeBSD xxxxxxx 6.2-STABLE FreeBSD 6.2-STABLE #0: Wed Apr 11 14:58:49  
CEST 2007     martin@xxxxx


# sysctl -a | grep jail

security.jail.set_hostname_allowed: 0
security.jail.socket_unixiproute_only: 1
security.jail.sysvipc_allowed: 0
security.jail.enforce_statfs: 2
security.jail.allow_raw_sockets: 0
security.jail.chflags_allowed: 0
security.jail.jailed: 1


# ls /dev
fd      null    ptyp1   ptyp3   ptyp5   stderr  stdout  ttyp1    
ttyp3   ttyp5   zero
log     ptyp0   ptyp2   ptyp4   random  stdin   ttyp0   ttyp2    
ttyp4   urandom

# df
Filesystem         1K-blocks     Used     Avail Capacity  Mounted on
/dev/mirror/gm0s1g 129719744 17056610 102285556    14%    /


# gmirror status
       Name    Status  Components
mirror/gm0  COMPLETE  da0
                       da1


so I think I can do...
gmirror remove.. stop.. deactive...

inside  jails!

it's true?