cvs commit: src/usr.sbin/jail jail.8
Simon L. Nielsen
simon at FreeBSD.org
Fri Mar 17 06:18:28 UTC 2006
On 2006.03.16 14:31:35 +0000, Jesus R. Camou wrote:
> jcamou 2006-03-16 14:31:35 UTC
>
> FreeBSD src repository (doc committer)
>
> Modified files:
> usr.sbin/jail jail.8
> Log:
> Do `mount_devfs' when starting a jail.
That is a very bad idea without further explaining the risks, since it
will allow root in the jail more or less full access to the entire
system since several non-safe device node are exported like disk and
memory devices. To mount a devfs safely inside devfs rules must be
set up.
Could you please add a big warning, or even better, the commads to
setup devfs rules for a jail /dev, like is done by the jail rc.d
script?
See also http://cvsweb.freebsd.org/src/usr.sbin/jail/jail.8#rev1.44
--
Simon L. Nielsen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-src/attachments/20060317/7501ec6b/attachment.pgp
More information about the cvs-src
mailing list