Date: Mon, 22 Sep 2008 12:26:04 -0400 (EDT)
From: Randy Schultz <schulra@earlham.edu>
To: freebsd-jail@freebsd.org
Subject: Re: request for (security) comments on this setup
Message-ID: <Pine.BSF.4.64.0809221222110.16549@tdream.lly.earlham.edu>
In-Reply-To: <20080922155111.T65801@maildrop.int.zabbadoz.net>
References: <Pine.BSF.4.64.0809220809440.16549@tdream.lly.earlham.edu> <20080922155111.T65801@maildrop.int.zabbadoz.net>

On Mon, 22 Sep 2008, Bjoern A. Zeeb spaketh thusly:
-}On Mon, 22 Sep 2008, Randy Schultz wrote:
-}
-}Hi,
-}
-}> I'm mounting some iSCSI storage in a jail. It's mounting in the jail via
-}> fstab.<jailname>. When the jail is up and I'm logged into the jail I can cd
-}> to the mount point, r/w etc., everything seems to work. What's weird tho' is,
-}> while a df on the parent shows the partition mounted as expected, a df inside
-}> the jail shows the local disk but not the iSCSI mount.
-}> ...
-}> So, my first question is what am I missing, the second is does mounting things
-}> this way into a jail pose any sort of risk for escaping the jail?
-}
-}Does anything change if you do a
-}    sysctl security.jail.enforce_statfs=1

Arg. I never thought to check for a sysctl option. Indeed it does. Tnx much
for the poke.

--
Randy (schulra@earlham.edu) 765.983.1283 <*>

Love with your heart, think with your head; not the other way around.