Date:      Sun, 18 May 2008 18:21:13 +0200
From:      Jille Timmermans <jille@quis.cx>
To:        freebsd-current@freebsd.org
Subject:   Unprivileged jail_attach
Message-ID:  <48305779.8020606@quis.cx>


Hello,

I was thinking about creating a way to do jail_attach as non-root.
My idea is to create some sort of an 'uid conversion table'.

e.g.:
root@host# jail /usr/jails/jail1/ jail1.host 127.0.0.2 /bin/sh /etc/rc
root@host# jail_allowuser 1 65534 0 # jid host-uid jail-uid
root@host# su nobody
nobody@host$ jexec 1 bash
root@jail1#

All (non-root) users wanting to attach a jail without being in this
conversion table will get EPERM.
Root will always get SUCCESS.
Users in the conversion table will be put in the jail with the new (or
same) uid.

This would be useful for e.g. users wanting to have their own jail.
Or authentication systems (sshd) that can put users in some jail,
without becoming root first.


What do you think about it?

-- Jille
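
Added example, not part of the original message and not FreeBSD code: a userland C model of the attach decision the message describes (root always succeeds, listed users are mapped to a jail uid, everyone else gets EPERM). The struct, function and sample table names are hypothetical; only the first table row comes from the message.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/types.h>

/* One row of the proposed table: "jail_allowuser <jid> <host-uid> <jail-uid>". */
struct jail_uidmap {
	int	jid;
	uid_t	host_uid;
	uid_t	jail_uid;
};

/* Constructed sample table; the first row is the example from the message. */
static const struct jail_uidmap sample_table[] = {
	{ 1, 65534, 0 },	/* nobody on the host becomes root in jail 1 */
	{ 2, 1001, 1001 },	/* uid 1001 keeps the same uid in jail 2 */
};
static const size_t sample_table_len =
    sizeof(sample_table) / sizeof(sample_table[0]);

/*
 * Hypothetical model of the attach decision. Returns 0 and stores the uid
 * to run as inside the jail, or EPERM when the caller has no entry.
 * On EPERM *jail_uid is left untouched.
 */
int
jail_attach_check(const struct jail_uidmap *tbl, size_t n, int jid,
    uid_t caller_uid, uid_t *jail_uid)
{
	size_t i;

	if (caller_uid == 0) {		/* root always succeeds and stays uid 0 */
		*jail_uid = 0;
		return (0);
	}
	for (i = 0; i < n; i++) {
		/* Match on jid AND host uid: a grant for one jail
		 * must not carry over to any other jail. */
		if (tbl[i].jid == jid && tbl[i].host_uid == caller_uid) {
			*jail_uid = tbl[i].jail_uid;
			return (0);
		}
	}
	return (EPERM);			/* default deny */
}
```

The first sample row turns an unprivileged host account into uid 0 inside the jail, so in this model the table itself is the privilege boundary and only root should be able to write it.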


