From owner-freebsd-current  Fri Jan  3 13:54:50 2003
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2B11237B401
	for <current@freebsd.org>; Fri,  3 Jan 2003 13:54:49 -0800 (PST)
Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4FF7043E4A
	for <current@freebsd.org>; Fri,  3 Jan 2003 13:54:48 -0800 (PST)
	(envelope-from phk@freebsd.org)
Received: from critter.freebsd.dk (localhost [127.0.0.1])
	by critter.freebsd.dk (8.12.6/8.12.6) with ESMTP id h03LseF4002526;
	Fri, 3 Jan 2003 22:54:40 +0100 (CET)
	(envelope-from phk@freebsd.org)
To: Julian Elischer <julian@elischer.org>
Cc: FreeBSD current users <current@freebsd.org>
Subject: Re: Jail detection 
From: phk@freebsd.org
In-Reply-To: Your message of "Fri, 03 Jan 2003 13:37:07 PST."
             <Pine.BSF.4.21.0301031332060.77781-100000@InterJet.elischer.org> 
Date: Fri, 03 Jan 2003 22:54:40 +0100
Message-ID: <2525.1041630880@critter.freebsd.dk>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

In message <Pine.BSF.4.21.0301031332060.77781-100000@InterJet.elischer.org>, Ju
lian Elischer writes:
>
>We have some software we'd like to behave slightly differently if it is
>in a jail.
>
>What methods do people use to detect they are in a jail?
>procfs/curproc might work but I don't want to depend on procfs.
>ps aux can be used but seems rather heavyweight.
>Something like a sysctl would be best. I could implement it
>(unless there's already something I missed), if it was considered 
>the right answer.

Use sysctl to pick up your own proc, look for the jail flag.  It takes
less than 10 lines of C.

>Also, does anyone wnow the mechanism for ping failing (in 4.x systems)
>from jails?

Yes.  raw sockets are blanket denied in jails.  Not because it is impossible
to properly filter them, but because nobody has written the code it takes.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message