Date: Wed, 07 Oct 2009 18:50:31 +0400 From: Menshikov Konstantin <kostjn@peterhost.ru> To: Andrey Groshev <greenx@yartv.ru> Cc: freebsd-jail@freebsd.org Subject: Re: how to make the jail safe for the parent system? Message-ID: <4ACCAAB7.8010507@peterhost.ru> In-Reply-To: <4ACC6ABE.9050107@yartv.ru> References: <4ACC6ABE.9050107@yartv.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Andrey Groshev wrote:
> Hi, All!
>
> I understand, what not absolutely normal question, but...
>
> There is I and my server.
> Also there is other person a server responsible for a web.
> Periodically he wants that I would instal some software, but in my
> representation, this software bad or unnecessary.
> I wish to make jail for its and its software.
> To give to this person complete access to it, let does all that wants.
> But, if in the jail create wrong start scripts, then the parent system
> too cannot be started up to the end.
> For example: in jail in /etc/rc.local write /bin/sh
> And that starts all after this prison will not receive handle.
>
> Question: how it to avoid?
>
>
Hi.
I`m think, that this is bug in /etc/rc.d/jail script.
You can fix /etc/rc.d/jail
626 run_rc_command "${cmd}" &
627 sleep 5
instead
626 run_rc_command "${cmd}"
This work.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4ACCAAB7.8010507>