Jailed X applications
Alexander Leidinger
Alexander at Leidinger.net
Fri Aug 17 01:26:34 PDT 2007
Quoting mal content <artifact.one at googlemail.com> (from Fri, 17 Aug
2007 06:10:39 +0100):

This is better suited for freebsd-jail@ (CCed), please remove
freebsd-security@ on reply to move the discussion there.

> Has anyone here ever successfully set up a jail for X apps, connecting
> to an external X server? I'm trying an experimental sandbox setup here.

I have my X server itself in a jail (needs a kernel patch and some
devfs rules), and in the past connected to a jail and started an X11
program there... IIRC.

> I have a jail running on an aliased IP on my local machine and X
> programs connect out of the jail to my local X server via an SSH
> tunneled TCP connection. All other packets to and from the jail are
> denied by the packet filter. The trouble I am having is that many
> applications (all X apps so far and a few of the SSH tools) try to open
> and read from /dev/tty, which clearly isn't going to happen:

ssh uses a tty (pty?), but normally you have some in a jail. How do
you start the jail? There should be devfs mounted in the jail.

Bye,
Alexander.
--
"How do I love thee? My accumulator overflows."
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137