Jailed X applications

Momchil Ivanov idiotbg at gmail.com
Fri Aug 17 15:28:25 PDT 2007


On Friday 17 August 2007 10:07:36 Alexander Leidinger wrote:
> Quoting mal content <artifact.one at googlemail.com> (from Fri, 17 Aug
> 2007 06:10:39 +0100):
>
> This is better suited for freebsd-jail@ (CCed), please remove
> freebsd-security@ on reply to move the discussion there.
>
> > Has anyone here ever successfully set up a jail for X apps, connecting
> > to an external X server? I'm trying an experimental sandbox setup here.
>
> I have my X server itself in a jail (needs a kernel patch and some
> devfs rules), and in the past connected to a jail and started an X11
> program there... IIRC.

I used to connect via ssh to a jail on a remote machine and run X11 apps from
there (opera, firefox...) because my computer was too slow back then and
used it just to draw the windows. The machine with the jail was running 6.x
and I still have the jail there, just don't use it any more. I did not have
any issues with this setup.

>
> > I have a jail running on an aliased IP on my local machine and X
> > programs connect out of the jail to my local X server via an SSH
> > tunneled TCP connection. All other packets to and from the jail are
> > denied by the packet filter.  The trouble I am having is that many
> > applications (all X apps so far and a few of the SSH tools) try to open
> > and read from /dev/tty, which clearly isn't going to happen:
>
> ssh uses a tty (pty?), but normally you have some in a jail. How do
> you start the jail? There should be devfs mounted in the jail.
>
> Bye,
> Alexander.

-- 
PGP KeyID: 0x3118168B
Keyserver: pgp.mit.edu
Key fingerprint BB50 2983 0714 36DC D02E  158A E03D 56DA 3118 168B
  