Jail nullfs mount information visibility [redirected from secteam@]
Sergey Zakharchenko
doublef.mobile at gmail.com
Tue Nov 24 10:01:20 UTC 2015
Hello,
I doubt this is an issue at all, but how some of the information
hiding in jails works seemed a bit illogical. FreeBSD seems to be
trying to hide nullfs mounts inside jails from the jailed processes,
but it isn't very good or consistent at it. For example:
(inside the jail, which has a nullfs mount /path/outside/of/jail ->
/path/inside/jail/to/nullfs/mount):
# df
Filesystem 512-blocks Used Avail Capacity Mounted on
whatever/is/jails/root/dev ... ... ... ...% /
OK, I can understand this (no nullfs mounts show up), but I don't get
the following:
# df /path/inside/jail/to/nullfs/mount/and/deeper
Filesystem 512-blocks Used Avail Capacity Mounted on
/path/outside/of/jail ... ... ... ...% [restricted]
Why would you hide the target of the mount point (which I supposedly
know, since I need it to issue the df command), but expose the source
(/path/outside/of/jail)? Shouldn't it be the other way around?
# uname -a
FreeBSD e40a1050f614 10.2-RELEASE FreeBSD 10.2-RELEASE #0 r286666: Wed Aug 12 15:26:37 UTC 2015 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
Best regards,
--
DoubleF
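
An added example, not part of the original message: a small Python check that parses df output captured inside a jail and lists every source path that is still shown next to a hidden ([restricted]) mount point, as in the second df output above. The sample output, its sizes and the function names are constructed for this example.

```python
import re

# One df(1) data row: filesystem, three numeric columns, capacity, mount point.
ROW = re.compile(
    r"^(?P<source>.+?)\s+(?P<blocks>\d+)\s+(?P<used>\d+)\s+(?P<avail>-?\d+)"
    r"\s+(?P<capacity>-?\d+%)\s+(?P<target>.+)$"
)
HIDDEN_TARGET = "[restricted]"  # string shown in the post's second df output


def parse_df(text):
    """Return a list of dicts, one per data row; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def exposed_sources(text):
    """Sources shown for mounts whose mount point was hidden from the jail.

    A row counts as an exposure when the target is masked but the source
    column still carries an absolute path (the nullfs case in the post).
    """
    return [
        r["source"] for r in parse_df(text)
        if r["target"] == HIDDEN_TARGET and r["source"].startswith("/")
    ]


# Constructed sample: df output as seen inside a jail, sizes made up.
SAMPLE_DF = """\
Filesystem                 512-blocks    Used    Avail Capacity  Mounted on
whatever/is/jails/root/dev   41943040 2097152 39845888     5%    /
/path/outside/of/jail        83886080 4194304 79691776     5%    [restricted]
"""

if __name__ == "__main__":
    for src in exposed_sources(SAMPLE_DF):
        print("host path visible inside jail:", src)
```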