Date:      Sat, 3 Jul 2010 00:21:04 -0700
From:      George Davidovich <freebsd@optimis.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: jail and uname
Message-ID:  <20100703072104.GA89373@marvin.optimis.net>
In-Reply-To: <4C2ED4F9.2010408@comclark.com>
References:  <4C2ED4F9.2010408@comclark.com>

On Sat, Jul 03, 2010 at 02:13:13PM +0800, Aiza wrote:
> From the console of a jail I issue uname -r and get 8.0-RELEASE-p3,
> which is the release level of the host. I know the jail is running a
> pristine minimum install of 8.0-RELEASE.
> 
> I would think issuing uname from within a jail environment should 
> respond with the info of the jail environment. Is this not a security 
> violation?

I'm guessing your understanding of jails is a bit off.  A FreeBSD jail
isn't a "fully virtualised" system.  As implemented, jails share the
host system's kernel.  The Handbook makes clear that a jail is
essentially defined by a directory subtree, a hostname, an IP address,
and a command.  Well, that, and things like user accounts.

So when you run uname, what's reported is kernel information as stored
in various sysctl(8) MIBs (kern.ostype, kern.osrelease, kern.osrevision,
kern.version, etc.).  And because there's only one kernel, you'll get
the same output from running uname on the host as you would get from
running it inside a jail.

-- 
George
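
Added example, not part of the message above and not FreeBSD project code: a POSIX sh script showing the practical consequence of the shared kernel for patch inventory. Because uname -r inside a jail describes the host's kernel, the jail's userland level has to be obtained separately and compared. The function names split_release and compare_release are hypothetical, and the live check assumes freebsd-version(1), which exists from FreeBSD 10.0 onward and so was not available on the 8.0 system in the thread.

```shell
#!/bin/sh
# Added example: compare the kernel release (shared with the host) against
# the userland release installed inside the jail.

# split_release REL -> "VERSION BRANCH PATCHLEVEL", e.g. "8.0 RELEASE 3"
split_release() {
    case $1 in
        *-*) ver=${1%%-*}; rest=${1#*-} ;;
        *)   ver=$1; rest=unknown ;;
    esac
    case $rest in
        *-p[0-9]*) patch=${rest##*-p}; branch=${rest%-p*} ;;
        *)         patch=0; branch=$rest ;;
    esac
    echo "$ver $branch $patch"
}

# compare_release KERNEL USERLAND -> one-word verdict on stdout
compare_release() {
    # Word splitting is intended: three fields per release string.
    set -- $(split_release "$1") $(split_release "$2")
    if [ "$1 $2" != "$4 $5" ]; then
        echo version-mismatch      # different version or branch
    elif [ "$3" -eq "$6" ]; then
        echo same
    elif [ "$3" -gt "$6" ]; then
        echo kernel-ahead          # host kernel patched, jail userland not
    else
        echo userland-ahead
    fi
}

# Live check, only meaningful on FreeBSD with freebsd-version(1) present
# (assumption: FreeBSD 10.0 or later).
if [ "$(uname -s)" = FreeBSD ] && command -v freebsd-version >/dev/null 2>&1; then
    kernel=$(sysctl -n kern.osrelease)   # the MIB behind uname -r
    userland=$(freebsd-version -u)       # comes from the jail's own userland
    echo "kernel=$kernel userland=$userland: $(compare_release "$kernel" "$userland")"
fi

# Values from the thread: host kernel 8.0-RELEASE-p3, jail userland 8.0-RELEASE
echo "thread example: $(compare_release 8.0-RELEASE-p3 8.0-RELEASE)"
```

A kernel-ahead or version-mismatch verdict inside a jail means the jail's own binaries still need to be checked and patched on their own schedule, whatever uname -r says.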


