Date: Fri, 24 Feb 2006 18:18:51 +0200
From: "Vlad GALU" <vladgalu@gmail.com>
To: freebsd-stable@freebsd.org
Subject: Re: Processes started inside a jail are only visible outside the jail
Message-ID: <79722fad0602240818i4fbb70afj2800bb8d7b402005@mail.gmail.com>
In-Reply-To: <79722fad0602240759q67a778f2p63302dcf9a80ed6e@mail.gmail.com>
References: <79722fad0602220606y2489b6a5j365092defffec818@mail.gmail.com> <43FF2B82.5090304@yahoo.com.br> <79722fad0602240759q67a778f2p63302dcf9a80ed6e@mail.gmail.com>

On 2/24/06, Vlad GALU <vladgalu@gmail.com> wrote:
> On 2/24/06, Ricardo A. Reis <ricardo_bsd@yahoo.com.br> wrote:
> > Hi Vlad,
> >
> > See your sysctl.conf for these entries:
> >
> > sysctl -ad | grep bsd.see
> > security.bsd.see_other_gids: Unprivileged processes may see
> > subjects/objects with different real gid
> > security.bsd.see_other_uids: Unprivileged processes may see
> > subjects/objects with different real uid
>
> They were set to 0, indeed. But I ran "ps" in the jail as root. I
> should be seeing that process. For all other processes it seems to
> work as expected. Only lighttpd manifests this symptom.
> I had mac_seeotheruids active. When I deactivated it, the problem
> went away. Strange ...
I changed my settings as follows:
-- cut here --
security.mac.seeotheruids.specificgid: 0
security.mac.seeotheruids.specificgid_enabled: 1
security.mac.seeotheruids.primarygroup_enabled: 0
security.mac.seeotheruids.enabled: 1
-- and here --
Now root can see all processes, even within the jail.
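
Added example, not part of the original message and not FreeBSD source: a small user-space C model of how the mac_seeotheruids(4) exemptions combine, showing why setting specificgid to 0 with specificgid_enabled exempts root (primary gid 0). The credentials, the "before" policy, the suser_privileged value and the assumption that root inside the jail does not pass the superuser exemption are constructed for illustration.

```c
/* Added example: user-space model of the mac_seeotheruids(4) knobs.
 * Not FreeBSD kernel source; all names and credentials are constructed. */
#include <stdbool.h>
#include <stdio.h>

struct policy {                      /* security.mac.seeotheruids.* */
    bool enabled, primarygroup_enabled, specificgid_enabled;
    unsigned specificgid;
    bool suser_privileged;           /* not shown in the message; assumed 1 */
};
struct cred {
    unsigned ruid, rgid, groups[4];  /* groups[] = supplementary gids */
    int ngroups;
    bool privileged;                 /* does the kernel treat subject as superuser? */
};

static bool in_group(const struct cred *c, unsigned gid)
{
    if (c->rgid == gid) return true;
    for (int i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid) return true;
    return false;
}

/* Each enabled knob is an exemption; the first that matches grants visibility. */
static bool can_see(const struct policy *p, const struct cred *s, const struct cred *o)
{
    if (!p->enabled) return true;
    if (p->primarygroup_enabled && s->rgid == o->rgid) return true;
    if (p->specificgid_enabled && in_group(s, p->specificgid)) return true;
    if (s->ruid == o->ruid) return true;
    return p->suser_privileged && s->privileged;
}

/* Constructed credentials. Assumption: root inside the jail does not pass the
 * superuser exemption, which is what the symptom in the thread suggests. */
static const struct cred jailed_root = { 0, 0, {0}, 0, false };
static const struct cred web_worker  = { 80, 80, {0}, 0, false };  /* uid/gid assumed */
static const struct cred jailed_user = { 1001, 1001, {0}, 0, false };

static const struct policy before = { true, false, false, 0, true };  /* assumed */
static const struct policy after  = { true, false, true,  0, true };  /* settings above */

int main(void)
{
    printf("before: root sees worker = %d\n", can_see(&before, &jailed_root, &web_worker));
    printf("after:  root sees worker = %d\n", can_see(&after, &jailed_root, &web_worker));
    printf("after:  user sees worker = %d\n", can_see(&after, &jailed_user, &web_worker));
    return 0;
}
```

The gid exemption applies to every member of the chosen group, primary or supplementary, so with specificgid set to 0 any account in that group sees all processes as well.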
