What is the best way for the process to determine that it runs in jail?

Eugene Grosbein eugen at grosbein.net
Mon Jul 8 18:12:33 UTC 2019


07.07.2019 7:43, Yuri wrote:

> I found online that it is possible to stat the root folder and find its inode number.
> 
> The inode number is 2 when the root is on UFS, and 4 if the root is on ZFS.
> 
> This looks pretty hackish to me. Is this reliable?
> 
> Is there a better/best way?

We have the check_jail subroutine in /etc/rc.subr that is supposed to be called
with a single "jailed" argument, so it just checks if sysctl security.jail.jailed exists and is set to 1.

We have the sysctlbyname(3) function of our libc to do the same in C.
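
Added example, not part of the original message: one way to read security.jail.jailed with sysctlbyname(3) and keep "could not tell" separate from "not jailed". The names jail_state_from and jail_state_query are made up for this sketch, and the non-FreeBSD branch is an assumption added so the file builds elsewhere.

```c
/* Added example: ask the kernel whether this process is jailed (FreeBSD). */
#include <sys/types.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#ifdef __FreeBSD__
#include <sys/sysctl.h>
#endif

enum jail_state { JAIL_UNKNOWN = -1, JAIL_NO = 0, JAIL_YES = 1 };

/* Map the outcome of the sysctl read to a state. Anything other than a
 * clean read of a full int is reported as UNKNOWN, so the caller decides
 * explicitly how to fail instead of silently assuming "not jailed".
 * The message checks for the value 1; any nonzero value is treated as
 * jailed here (assumption of this sketch). */
enum jail_state
jail_state_from(int rc, size_t len, int value)
{
	if (rc != 0 || len != sizeof(int))
		return JAIL_UNKNOWN;
	return value != 0 ? JAIL_YES : JAIL_NO;
}

enum jail_state
jail_state_query(void)
{
#ifdef __FreeBSD__
	int jailed = 0;
	size_t len = sizeof(jailed);
	/* Read-only query: no new value is passed (NULL, 0). */
	int rc = sysctlbyname("security.jail.jailed", &jailed, &len, NULL, 0);
	return jail_state_from(rc, len, jailed);
#else
	errno = ENOSYS;	/* this sysctl is FreeBSD-specific */
	return JAIL_UNKNOWN;
#endif
}

int
main(void)
{
	switch (jail_state_query()) {
	case JAIL_YES: puts("jailed"); return 0;
	case JAIL_NO:  puts("not jailed"); return 1;
	default:       perror("security.jail.jailed"); return 2;
	}
}
```
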
