From owner-freebsd-bugs@FreeBSD.ORG  Thu Oct  8 10:32:11 2009
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 275551065679;
	Thu,  8 Oct 2009 10:32:11 +0000 (UTC)
	(envelope-from remko@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 188D88FC13;
	Thu,  8 Oct 2009 10:32:11 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n98AWAP8011136;
	Thu, 8 Oct 2009 10:32:10 GMT
	(envelope-from remko@freefall.freebsd.org)
Received: (from remko@localhost)
	by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n98AWAZd011132;
	Thu, 8 Oct 2009 10:32:10 GMT (envelope-from remko)
Date: Thu, 8 Oct 2009 10:32:10 GMT
Message-Id: <200910081032.n98AWAZd011132@freefall.freebsd.org>
To: greenx@yartv.ru, remko@FreeBSD.org, freebsd-bugs@FreeBSD.org
From: remko@FreeBSD.org
Cc: 
Subject: Re: misc/139422: make the jail safe for the parent system
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Oct 2009 10:32:11 -0000

Synopsis: make the jail safe for the parent system

State-Changed-From-To: open->closed
State-Changed-By: remko
State-Changed-When: Thu Oct 8 10:32:10 UTC 2009
State-Changed-Why: 
Hello, I think I understand what you ar etrying to say here. But I think
that only trusted people should be allowed into a jail, as well as with
a regular server. You could give the user sudo access for specific tasks
so tht he cannot do everything as highly privileged user. Yes ofcourse
you might be able to get out of those things if you are creative. The
question is, where do we put the line. I think that in this case one
should know what he puts in rc.local, if this is a jail, and you use the
regular scripts, the 'jail' rc.d will not be used at all. Please discuss
this further on the questions list, and report to me in case this is
really a problem. Anyway; thanks for using FreeBSD! It's greatly
appreciated...

http://www.freebsd.org/cgi/query-pr.cgi?pr=139422