Date: Sat, 18 Aug 2007 18:07:49 -0400 (EDT)
From: Randy Schultz <schulra@earlham.edu>
To: freebsd-jail@freebsd.org
Subject: Re: security bug or operator "misunderstanding", and a query
Message-ID: <Pine.BSF.4.64.0708181803320.704@tdream.lly.earlham.edu>
In-Reply-To: <20070815123626.61341c12.wmoran@collaborativefusion.com>
References: <Pine.BSF.4.64.0708151105090.77665@tdream.lly.earlham.edu> <20070815123626.61341c12.wmoran@collaborativefusion.com>

On Wed, 15 Aug 2007, Bill Moran spaketh thusly:
-}In response to Randy Schultz <schulra@earlham.edu>:
-}
-}> Hey all,
-}>
-}> I've been messing around with, and liking, jails. I had a weird thing happen
-}> tho' that I cannot explain, and seems to violate the concept of jail.
-}>
-}> I have the AMD64 version of fbsd 6.2 set up, default install (plus a few minor
-}> ports like sudo). The jail setup is AFAIK standard, e.g. rc.conf has:
-}>
-}> jail_list="ntpjail"
-}>
-}> jail_ntpjail_rootdir=/usr/local/jails/jail1
-}> jail_ntpjail_hostname=ntpjail.earlham.edu
-}> jail_ntpjail_ip=192.168.1.59
-}> jail_ntpjail_interface=bge1
-}> jail_ntpjail_devfs_enable="YES"
-}>
-}> The /dev dir is whatever is defined for jails in /etc/defaults/devfs.rules,
-}> and no tweaks are in sysctl.conf.
-}>
-}> When I have the parent/jail up and running, ntpd not running on the parent, if
-}> I kick off ntpd in the jail, it actually kicks off ntpd in the parent then
-}> barks with "address already in use".
-}
-}By design, a jail can not start a process on the host. If you are actually
-}able to demonstrate this behaviour, many would be interested because it
-}would constitute a serious bug.

Yup, you're right. Today I took some time to more slowly go through the steps.
What I missed before was the "J" in the state field of the ps command,
signifying the jailed process.

False alarm. Sorry 'bout that.

--
Randy (schulra@earlham.edu) 765.983.1283 <*>

Love with your heart, think with your head; not the other way around.
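
The check that resolved this thread, as an added example that is not part of the original message: a shell filter that reads FreeBSD `ps -ax -o pid,state,command` output and reports whether a named daemon is a host process or a jailed one, based on the "J" in the state field. The function names, PIDs and sample process list are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify processes as host or jailed from FreeBSD ps output.
# On a FreeBSD host the input would come from:  ps -ax -o pid,state,command
# A "J" anywhere in the STAT column marks a process that is inside a jail.

# Constructed sample output (not taken from the original message).
SAMPLE_PS='  PID STAT COMMAND
  412 Ss   /usr/sbin/syslogd -s
  530 Is   /usr/sbin/sshd
  688 SsJ  /usr/sbin/syslogd -ss
  951 SsJ  /usr/sbin/ntpd -c /etc/ntp.conf -p /var/run/ntpd.pid
  977 R+   ps -ax -o pid,state,command'

# where_runs NAME: read ps output on stdin and print "PID host" or "PID jail"
# for each process whose command basename equals NAME.
where_runs() {
    awk -v name="$1" '
        NR == 1 && $1 == "PID" { next }      # skip the header line
        NF < 3 { next }                       # ignore malformed lines
        {
            n = split($3, parts, "/")         # basename of the command
            if (parts[n] != name) next
            print $1, ($2 ~ /J/ ? "jail" : "host")
        }'
}

# host_has NAME: succeed only if NAME is running outside every jail.
host_has() {
    where_runs "$1" | grep -q ' host$'
}

printf '%s\n' "$SAMPLE_PS" | where_runs ntpd       # 951 jail
printf '%s\n' "$SAMPLE_PS" | where_runs syslogd    # 412 host, then 688 jail
```

Because the host's `ps` lists jailed processes alongside its own, a daemon started inside the jail shows up in the host's process list; only the state flag distinguishes the two.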