Date: Wed, 17 May 2017 11:07:52 -0400 From: Steve Wills <steve@mouf.net> To: freebsd-jail@freebsd.org Subject: hiding jail processes from users Message-ID: <2e15fbf6-cfb9-6e9a-856d-3602dd1b92fb@mouf.net>
next in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --pvJxcK6EaFMOOsBogmW1TXcoR7Nc96lop Content-Type: multipart/mixed; boundary="6bxN20UFPKgl4ff1nv0MCrvJiR5QX0NCb"; protected-headers="v1" From: Steve Wills <steve@mouf.net> To: freebsd-jail@freebsd.org Message-ID: <2e15fbf6-cfb9-6e9a-856d-3602dd1b92fb@mouf.net> Subject: hiding jail processes from users --6bxN20UFPKgl4ff1nv0MCrvJiR5QX0NCb Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Hi, I noticed that users can see jail processes even when security.bsd.see_other_uids=3D0 and security.bsd.see_other_gids=3D0 are s= et, if the process happens to be the same UID/GID as the user. So I created a patch which adds a security.bsd.see_jail_proc sysctl which hides jail processes from non-root users regardless of see_other_*. The patch is her= e: https://reviews.freebsd.org/D10770 Any feedback would be appreciated. Thanks, Steve --6bxN20UFPKgl4ff1nv0MCrvJiR5QX0NCb-- --pvJxcK6EaFMOOsBogmW1TXcoR7Nc96lop Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQGjBAEBCgCNFiEEmPpBSlwqDvnP0K0N9c9isyB7G6EFAlkcZ0lfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDk4 RkE0MTRBNUMyQTBFRjlDRkQwQUQwREY1Q0Y2MkIzMjA3QjFCQTEPHHN0ZXZlQG1v dWYubmV0AAoJEPXPYrMgexuh0K0H/3rQWXUIoFvZTlnnZpps50S1IE2YN5u5RA7D ZjCcRD/e1DN6CZNw92XiF6chLdo/19NJ7PZ+FyXSCM3s2wE2G88PPgVEs5lCRyab EL06OxxyQk1MKdBuM4mw9IUcaHFtlrvLhsry463/QBaup2CqJPJCyDA+U8IhYol4 aFzaPjOKH2K7UdKvl6q/rzf//1ihajsNS10bOpFlmNzTgnWFaLj6AxXfwh6UHqi1 S42HEJ+xYc12846ABgTDrVez5D/eIzV4jcQNS3LY2mNrUdiipd1MFVT/APiR3oI4 SjNK2o8kPS9U3Ozb+qyz3KezFeR2OhYVUue4Ih8HlMkYtpuF+a8= =NgX7 -----END PGP SIGNATURE----- --pvJxcK6EaFMOOsBogmW1TXcoR7Nc96lop--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2e15fbf6-cfb9-6e9a-856d-3602dd1b92fb>