From: "Vlad GALU"
To: freebsd-stable@freebsd.org
Date: Fri, 24 Feb 2006 18:18:51 +0200
Subject: Re: Processes started inside a jail are only visible outside the jail
List-Id: Production branch of FreeBSD source code

On 2/24/06, Vlad GALU wrote:
> On 2/24/06, Ricardo A. Reis wrote:
> > Hi Vlad,
> >
> > See your sysctl.conf for these entries:
> >
> > sysctl -ad | grep bsd.see
> > security.bsd.see_other_gids: Unprivileged processes may see
> > subjects/objects with different real gid
> > security.bsd.see_other_uids: Unprivileged processes may see
> > subjects/objects with different real uid
>
> They were set to 0, indeed. But I ran "ps" in the jail as root. I
> should be seeing that process. For all other processes it seems to
> work as expected. Only lighttpd manifests this symptom.
> I had mac_seeotheruids active. When I deactivated it, the problem
> went away. Strange ...

I changed my settings as follows:

-- cut here --
security.mac.seeotheruids.specificgid: 0
security.mac.seeotheruids.specificgid_enabled: 1
security.mac.seeotheruids.primarygroup_enabled: 0
security.mac.seeotheruids.enabled: 1
-- and here --

Now root can see all processes, even within the jail.
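
The effect of the settings change in the message above, as an added example that is not part of the original post: a simplified shell model of the four security.mac.seeotheruids knobs, evaluated for the posted settings and for a constructed "before" state. The evaluation order, the uid/gid values (80 for the lighttpd user) and the "before" values are assumptions; the root exemption is left out because the thread reports that root inside the jail was not exempted.

```shell
#!/bin/sh
# Simplified model (an assumption, not kernel code) of how the four
# security.mac.seeotheruids.* knobs from the thread decide visibility.

# BEFORE is constructed: policy on, no exemptions (the thread does not give
# the earlier values). AFTER is the settings block from the message.
BEFORE='security.mac.seeotheruids.specificgid: 0
security.mac.seeotheruids.specificgid_enabled: 0
security.mac.seeotheruids.primarygroup_enabled: 0
security.mac.seeotheruids.enabled: 1'
AFTER='security.mac.seeotheruids.specificgid: 0
security.mac.seeotheruids.specificgid_enabled: 1
security.mac.seeotheruids.primarygroup_enabled: 0
security.mac.seeotheruids.enabled: 1'

# knob SETTINGS NAME -> value of security.mac.seeotheruids.NAME (0 if absent)
knob() {
    printf '%s\n' "$1" | awk -v k="security.mac.seeotheruids.$2:" \
        '$1 == k { v = $2 } END { print (v == "" ? 0 : v) }'
}

# can_see SETTINGS VIEWER_UID "VIEWER_GIDS" TARGET_UID TARGET_GID
# VIEWER_GIDS is space separated, primary group first. Prints visible|hidden.
can_see() {
    settings=$1; vuid=$2; vgids=$3; tuid=$4; tgid=$5
    set -- $vgids; vprimary=$1
    # Policy switched off: nothing is hidden by this module.
    [ "$(knob "$settings" enabled)" -eq 1 ] || { echo visible; return; }
    # primarygroup_enabled: viewers sharing the target's primary group are exempt.
    if [ "$(knob "$settings" primarygroup_enabled)" -eq 1 ] \
        && [ "$vprimary" -eq "$tgid" ]; then
        echo visible; return
    fi
    # specificgid_enabled: any member of specificgid is exempt from the policy.
    if [ "$(knob "$settings" specificgid_enabled)" -eq 1 ]; then
        exempt=$(knob "$settings" specificgid)
        for g in $vgids; do
            if [ "$g" -eq "$exempt" ]; then echo visible; return; fi
        done
    fi
    # A process owned by the viewer's own uid is always visible.
    if [ "$vuid" -eq "$tuid" ]; then echo visible; return; fi
    echo hidden
}

# Jailed root (uid 0, gid 0) looking at a lighttpd process (constructed 80:80).
echo "before: $(can_see "$BEFORE" 0 "0" 80 80)"
echo "after:  $(can_see "$AFTER" 0 "0" 80 80)"
```

With specificgid set to 0 and specificgid_enabled set to 1, every account in gid 0 is exempt from the policy, not only root, so membership of that group is worth reviewing inside each jail.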