svn commit: r261266 - in head: sys/dev/drm sys/kern sys/sys usr.sbin/jail
Alexander Leidinger
Alexander at Leidinger.net
Wed Jan 29 21:22:37 UTC 2014
On Wed, 29 Jan 2014 06:49:01 -0700
James Gritton <jamie at freebsd.org> wrote:
> On 1/29/2014 6:43 AM, Gleb Smirnoff wrote:
> > Doesn't this allow to easily unjail self? :)
> It does. I included a warning in jail.8 that this will pretty much
> undo jail security. There are still reasons some may want to do this,
> but it's definitely not for everyone or even most people.
It only "unjails" (= basically the same security level as the jail-host
with the added benefit of the flexibility of a jail like easy moving
from one system to another) the jail which has this flag set. All other
jails without the flag can not "escape" to the host.
I also have to add that just setting this flag does not give access to
the host, you also have to configure a non-default devfs rule for this
jail (to have the devices appear in the jail).
Bye,
Alexander.
--
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137
More information about the svn-src-head
mailing list