Date: Fri, 24 Feb 2006 17:59:21 +0200
From: "Vlad GALU" <vladgalu@gmail.com>
To: freebsd-stable@freebsd.org
Subject: Re: Processes started inside a jail are only visible outside the jail
Message-ID: <79722fad0602240759q67a778f2p63302dcf9a80ed6e@mail.gmail.com>
In-Reply-To: <43FF2B82.5090304@yahoo.com.br>
References: <79722fad0602220606y2489b6a5j365092defffec818@mail.gmail.com> <43FF2B82.5090304@yahoo.com.br>

On 2/24/06, Ricardo A. Reis <ricardo_bsd@yahoo.com.br> wrote:
> Hi Vlad,
>
> See your sysctl.conf for these entries:
>
> sysctl -ad | grep bsd.see
> security.bsd.see_other_gids: Unprivileged processes may see subjects/objects with different real gid
> security.bsd.see_other_uids: Unprivileged processes may see subjects/objects with different real uid

They were set to 0, indeed. But I ran "ps" in the jail as root. I
should be seeing that process. For all other processes it seems to
work as expected. Only lighttpd manifests this symptom.

I had mac_seeotheruids active. When I deactivated it, the problem
went away. Strange ...

>
> Ricardo A. Reis
> UNIFESP
> Unix and Network Admin
>
> > 6.1-PRERELEASE
> >
> > Inside the jail:
> > root@j1 / # /usr/local/sbin/lighttpd -f /usr/local/etc/lighttpd.conf
> > root@j1 / #
> > root@j1 / # ps ax | grep light
> > 55816 p0 S+J 0:00.00 grep light
> > root@j1 / #
> >
> > Outside the jail:
> > root@host / # ps ax | grep light
> > 6263 ?? S 0:47.85 /usr/local/sbin/lighttpd -f /usr/local/etc/lighttpd.conf
> > 81204 ?? SJ 0:00.01 /usr/local/sbin/lighttpd -f /usr/local/etc/lighttpd.conf
> > 85151 pa S+ 0:00.00 grep light
> > root@host / #
> >
> > There are two lighttpd instances - the host runs one as well. The
> > other one is the one started from within the jail.
> > I don't know where to start investigating from.
> >
> > --
> > If it's there, and you can see it, it's real.
> > If it's not there, and you can see it, it's virtual.
> > If it's there, and you can't see it, it's transparent.
> > If it's not there, and you can't see it, you erased it.
> > _______________________________________________
> > freebsd-stable@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
> >
>

--
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.
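
An added example, not part of the original message or the thread: a shell helper for the diagnosis described above. It reports which visibility knobs are restrictive and lists PIDs that the host's "ps ax" marks as jailed (J in STAT) but that the jail's own "ps ax" does not show. The function names are hypothetical, the sysctl values are constructed, the ps lines are the ones quoted in the thread, and the comparison assumes a single jail on the host (FreeBSD jails share the host's PID space) and that security.mac.seeotheruids.enabled is the sysctl that toggles mac_seeotheruids.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Read "name: value" lines (sysctl output) on stdin and print every knob that
# currently restricts which processes ps can show; print "none" otherwise.
visibility_report() {
    awk -F': *' '
        ($1 == "security.bsd.see_other_uids" ||
         $1 == "security.bsd.see_other_gids") && $2 == "0" { print $1 "=0"; n++ }
        $1 == "security.mac.seeotheruids.enabled" && $2 == "1" { print $1 "=1"; n++ }
        END { if (!n) print "none" }'
}

# $1 = "ps ax" output taken on the host, $2 = "ps ax" output taken in the jail.
# Prints PIDs flagged as jailed on the host that the jail listing lacks.
# Assumption: only one jail exists, so every J process belongs to it.
hidden_in_jail() {
    { printf '%s\n' "$2"; echo '--HOST--'; printf '%s\n' "$1"; } | awk '
        $0 == "--HOST--" { host = 1; next }   # marker between the two listings
        !host { seen[$1] = 1; next }          # PIDs visible inside the jail
        $3 ~ /J/ && !($1 in seen) { print $1 }'
}

# Constructed values matching the state described in the message.
SYSCTLS='security.bsd.see_other_uids: 0
security.bsd.see_other_gids: 0
security.mac.seeotheruids.enabled: 1'

# ps lines as quoted in the thread.
HOST_PS='6263 ?? S 0:47.85 /usr/local/sbin/lighttpd -f /usr/local/etc/lighttpd.conf
81204 ?? SJ 0:00.01 /usr/local/sbin/lighttpd -f /usr/local/etc/lighttpd.conf
85151 pa S+ 0:00.00 grep light'
JAIL_PS='55816 p0 S+J 0:00.00 grep light'

# Run with --sample to see both reports for the data above.
if [ "${1:-}" = "--sample" ]; then
    printf '%s\n' "$SYSCTLS" | visibility_report
    hidden_in_jail "$HOST_PS" "$JAIL_PS"
fi
```

On a live system, feed visibility_report from `sysctl security.bsd security.mac.seeotheruids` and pass real `ps ax` captures to hidden_in_jail; short-lived processes such as the ps or grep itself can differ between the two captures.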