Date: Mon, 14 Jan 2002 20:37:36 +0300
From: zhuravlev alexander <zaa@ulstu.ru>
To: security@freebsd.org
Subject: Re: jail and NFS
Message-ID: <20020114203735.A59890@ulstu.ru>
In-Reply-To: <20020114203031.A59312@ulstu.ru>
References: <20020114160455.A44661@ulstu.ru> <Pine.NEB.3.96L.1020114094053.25539D-100000@fledge.watson.org> <20020114203031.A59312@ulstu.ru>

On Mon, Jan 14, 2002 at 08:30:32PM +0300, zhuravlev alexander wrote:
> On Mon, Jan 14, 2002 at 09:42:26AM -0500, Robert Watson wrote:
> > If the NFS mount is visible in the jail's namespace, then the jailed
> > processes can access it subject to normal access control restrictions.
> > However, processes in jail are not permitted to mount, remount, or unmount
> > filesystems, so any access to NFS must be configured by a process outside
> > the jail (and preferably, before any untrusted processes run in the jail,
> > so as to prevent racing and path-based games). Typically, when using NFS
> > with a jail, I'll do the NFS mounting prior to actually starting the jail.
> >

By the way ... when I type mount in the jailed box, I see all filesystems
and shares mounted by the host system. Is this correct?

--
zhuravlev alexander
u l s t u c t c
e-mail:zaa@ulstu.ru