Date: Thu, 27 Feb 2003 16:43:51 +0100 From: Pawel Jakub Dawidek <nick@garage.freebsd.pl> To: Mooneer Salem <mooneer@translator.cx> Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: Re: Jail seperation patch Message-ID: <20030227154351.GQ330@garage.freebsd.pl> In-Reply-To: <FHEMJMOKKMJDGKFOHHEPMECPFDAA.mooneer@translator.cx> References: <20030227094242.GJ330@garage.freebsd.pl> <FHEMJMOKKMJDGKFOHHEPMECPFDAA.mooneer@translator.cx>
next in thread | previous in thread | raw e-mail | index | archive | help
--rG09A39trvEtf3rB Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Feb 27, 2003 at 07:16:15AM -0800, Mooneer Salem wrote: +> Actually, I just gave it blah.lifeafterking.org in /etc/hosts. 10.0.0.4 +> really *is* in the same jail: +>=20 +> %ifconfig +> lnc0: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 +> inet 10.0.0.3 netmask 0xffffffff broadcast 10.0.0.3 +> inet 10.0.0.4 netmask 0xffffffff broadcast 10.0.0.4 +> ether 00:50:56:e0:26:54 +> lo0: flags=3D8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 +> %hostname +> test.lifeafterking.org +> % Ehh, so now I know nothing about your test settings. After all problems isn't so trivial. +> As for the hide files code, I found a possible location for it, in +> vfs_subr.c (extattr_check_cred()). I added +> this block to it: [...] IMHO very dirty and not complete. Jail don't have to be chrooted to diferent mount-point, and checks like those should be done between vnodes, not pathnames. In my opinion better way is just create another jail and don't give access to main host for regular users. --=20 Pawel Jakub Dawidek UNIX Systems Administrator http://garage.freebsd.pl Am I Evil? Yes, I Am. --rG09A39trvEtf3rB Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iQCVAwUBPl4yNz/PhmMH/Mf1AQHotQQAkeywMGpBMfwYGhDQccL/QWzbnrFrvWyJ YV1SE7gTMtBYJNWaqnid7Jb0sY9/kF9aM1ZhVF17zlKpFxvp4+X3FWbHPFpscHMl wfNDJwrMtu9ISHOqeFxQ9r15ftDdRqQEr5QaWSaOXa/Y8cJKtFBffqdD2qBTVxl4 EKarNg7ptYY= =8lmk -----END PGP SIGNATURE----- --rG09A39trvEtf3rB-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030227154351.GQ330>