From: Christian Brueffer
Date: Mon, 27 Apr 2009 20:18:01 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org
Subject: svn commit: r191596 - in stable/7: usr.bin/cpuset usr.sbin/jail

Author: brueffer
Date: Mon Apr 27 20:18:01 2009
New Revision: 191596
URL: http://svn.freebsd.org/changeset/base/191596

Log:
  Document an issue of jail(8) in conjunction with cpuset(1).

  Problem reported by: Miroslav Lachman <000.fbsd@quip.cz>
  Reviewed by: bz
  Approved by: re (kib)

Modified:
  stable/7/usr.bin/cpuset/cpuset.1
  stable/7/usr.sbin/jail/jail.8

Modified: stable/7/usr.bin/cpuset/cpuset.1 ============================================================================== --- stable/7/usr.bin/cpuset/cpuset.1 Mon Apr 27 20:13:13 2009 (r191595) +++ stable/7/usr.bin/cpuset/cpuset.1 Mon Apr 27 20:18:01 2009 (r191596) @@ -177,3 +177,9 @@ command first appeared in .Fx 7.1 . .Sh AUTHORS .An Jeffrey Roberson Aq jeff@FreeBSD.org +.Sh BUGS +At the moment it is possible for a superuser inside a +.Xr jail 8 +to modify the root +.Xr cpuset 2 +of that jail. Modified: stable/7/usr.sbin/jail/jail.8 ============================================================================== --- stable/7/usr.sbin/jail/jail.8 Mon Apr 27 20:13:13 2009 (r191595) +++ stable/7/usr.sbin/jail/jail.8 Mon Apr 27 20:18:01 2009 (r191596) 
@@ -699,3 +699,9 @@ Currently, the simplest answer is to min offered on the host, possibly limiting it to services offered from .Xr inetd 8 which is easily configurable. +.Pp +At the moment it is possible for a superuser inside a +.Nm +to modify the root +.Xr cpuset 2 +of that jail.
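
Review bot: The new BUGS text in cpuset.1 says a jailed superuser can modify the jail's root cpuset but stops short of the consequence an administrator needs to know: a CPU restriction applied to a jail from the host cannot be relied on to confine root inside that jail. Suggest adding one sentence that says so. "At the moment" also gives the reader no way to tell which releases are affected; naming the release would keep the entry from going stale.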
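
Review bot: In the jail.8 hunk the sentence uses ".Nm" where the cpuset.1 hunk uses ".Xr jail 8" for the same wording. ".Nm" marks the utility name, while this sentence is about a jail as an environment, so the plain word "jail" would be the more accurate markup. The paragraph is also appended with ".Pp" directly after the text about limiting services offered on the host, and it cites only cpuset(2); a pointer to cpuset(1), which receives the matching BUGS entry in this commit, would help a reader of jail.8 find the tool involved.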