From owner-svn-src-all@FreeBSD.ORG Mon Apr 27 20:38:28 2009 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 43BAF1065670; Mon, 27 Apr 2009 20:38:28 +0000 (UTC) (envelope-from brueffer@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 1EEFF8FC24; Mon, 27 Apr 2009 20:38:28 +0000 (UTC) (envelope-from brueffer@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n3RKcSNJ026265; Mon, 27 Apr 2009 20:38:28 GMT (envelope-from brueffer@svn.freebsd.org) Received: (from brueffer@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n3RKcRhS026263; Mon, 27 Apr 2009 20:38:27 GMT (envelope-from brueffer@svn.freebsd.org) Message-Id: <200904272038.n3RKcRhS026263@svn.freebsd.org> From: Christian Brueffer Date: Mon, 27 Apr 2009 20:38:27 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r191598 - in releng/7.2: usr.bin/cpuset usr.sbin/jail X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Apr 2009 20:38:28 -0000 Author: brueffer Date: Mon Apr 27 20:38:27 2009 New Revision: 191598 URL: http://svn.freebsd.org/changeset/base/191598 Log: Document an issue of jail(8) in conjunction with cpuset(1). Problem reported by: Miroslav Lachman <000.fbsd@quip.cz> Reviewed by: bz Approved by: re (kib) Modified: releng/7.2/usr.bin/cpuset/cpuset.1 releng/7.2/usr.sbin/jail/jail.8 Modified: releng/7.2/usr.bin/cpuset/cpuset.1 ============================================================================== --- releng/7.2/usr.bin/cpuset/cpuset.1 Mon Apr 27 20:23:22 2009 (r191597) +++ releng/7.2/usr.bin/cpuset/cpuset.1 Mon Apr 27 20:38:27 2009 (r191598) @@ -177,3 +177,9 @@ command first appeared in .Fx 7.1 . .Sh AUTHORS .An Jeffrey Roberson Aq jeff@FreeBSD.org +.Sh BUGS +At the moment it is possible for a superuser inside a +.Xr jail 8 +to modify the root +.Xr cpuset 2 +of that jail. Modified: releng/7.2/usr.sbin/jail/jail.8 ============================================================================== --- releng/7.2/usr.sbin/jail/jail.8 Mon Apr 27 20:23:22 2009 (r191597) +++ releng/7.2/usr.sbin/jail/jail.8 Mon Apr 27 20:38:27 2009 (r191598) @@ -699,3 +699,9 @@ Currently, the simplest answer is to min offered on the host, possibly limiting it to services offered from .Xr inetd 8 which is easily configurable. +.Pp +At the moment it is possible for a superuser inside a +.Nm +to modify the root +.Xr cpuset 2 +of that jail.