Date: Fri, 17 Aug 2007 23:59:18 +0200
From: Momchil Ivanov <idiotbg@gmail.com>
To: freebsd-jail@freebsd.org
Cc: Alexander Leidinger <Alexander@leidinger.net>, mal content <artifact.one@googlemail.com>
Subject: Re: Jailed X applications
Message-ID: <200708172359.23268.idiotbg@gmail.com>
In-Reply-To: <20070817100736.8291zwehpcgc4444@webmail.leidinger.net>
References: <8e96a0b90708162210y2cb9c6b2gb858f277674f84d1@mail.gmail.com> <20070817100736.8291zwehpcgc4444@webmail.leidinger.net>

On Friday 17 August 2007 10:07:36 Alexander Leidinger wrote:
> Quoting mal content <artifact.one@googlemail.com> (from Fri, 17 Aug
> 2007 06:10:39 +0100):
>
> This is better suited for freebsd-jail@ (CCed), please remove
> freebsd-security@ on reply to move the discussion there.
>
> > Has anyone here ever successfully set up a jail for X apps, connecting
> > to an external X server? I'm trying an experimental sandbox setup here.
>
> I have my X server itself in a jail (needs a kernel patch and some
> devfs rules), and in the past connected to a jail and started an X11
> program there... IIRC.

I used to connect via ssh to a jail on a remote machine and run X11 apps from
there (opera, firefox......) because my computer was too slow back then and
used it just to draw the windows. The machine with the jail was running 6.x
and I still have the jail there, just don't use it any more. I did not have
any issues with this setup.

>
> > I have a jail running on an aliased IP on my local machine and X
> > programs connect out of the jail to my local X server via an SSH
> > tunneled TCP connection. All other packets to and from the jail are
> > denied by the packet filter. The trouble I am having is that many
> > applications (all X apps so far and a few of the SSH tools) try to open
> > and read from /dev/tty, which clearly isn't going to happen:
>
> ssh uses a tty (pty?), but normally you have some in a jail. How do
> you start the jail? There should be devfs mounted in the jail.
>
> Bye,
> Alexander.

-- 
PGP KeyID: 0x3118168B
Keyserver: pgp.mit.edu
Key fingerprint BB50 2983 0714 36DC D02E  158A E03D 56DA 3118 168B