Date:      Wed, 25 Oct 2017 11:08:38 -0600
From:      James Gritton <jamie@gritton.org>
To:        freebsd-jail@freebsd.org
Subject:   Re: Unable to get jail paramters values
Message-ID:  <5f23581b00a9f41a55ea29ee9ab07c50@gritton.org>
In-Reply-To: <AM5PR0201MB246795E78C7ED2B2FF64F4A8F6470@AM5PR0201MB2467.eurprd02.prod.outlook.com>
References:  <AM5PR0201MB2467CE42481935A1EFF96456F6470@AM5PR0201MB2467.eurprd02.prod.outlook.com> <AM5PR0201MB246795E78C7ED2B2FF64F4A8F6470@AM5PR0201MB2467.eurprd02.prod.outlook.com>

On 2017-10-24 13:10, Andrew Hotlab wrote:
>> How can I get real jail.param values for a specific running jail?
> 
> Replying to my own question... I just found that it's possible to
> know it from the host with the command jls(8). Here is an example:
> 
> root@host01:~ # jls -nj jtest01 allow.raw_sockets
> allow.raw_sockets=1
> 
> Can someone tell me if it is possible to get the same info by issuing
> a command inside the jail?

A note on your original question: the security.jail.param.* sysctls are 
dummies, just there to tell jail(8) (and anyone else who cares) about 
the available parameters.

For the current question, I'm afraid the answer is no.  While many 
(most?) parameters are fine to know, the idea is that there are security 
considerations to knowing some things about your own prison.  So this 
inability is a conscious decision.  As to whether there actually *are* 
any security considerations to knowing about yourself, that may be 
something of an open question.  Certainly the things you can test in 
other ways (like allow.raw_sockets) aren't a concern.

- Jamie
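
Added example, not part of the original message or of FreeBSD's own code: one way to test allow.raw_sockets "in other ways" from inside the jail, by attempting to create a raw ICMP socket and interpreting the result. The function names and the three-way result are assumptions made for this illustration; the probe is only meaningful when run as root in the jail, since an unprivileged user is refused regardless of the jail's setting.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

enum probe_result { RAW_ALLOWED, RAW_DENIED, RAW_INCONCLUSIVE };

/* Interpret the outcome of socket(AF_INET, SOCK_RAW, ...).
 * is_root: caller's effective uid is 0; fd: socket() return value;
 * err: errno captured right after the call (hypothetical helper). */
enum probe_result classify_probe(int is_root, int fd, int err)
{
    if (fd >= 0)
        return RAW_ALLOWED;
    /* An unprivileged user is refused whatever the jail allows,
     * so a refusal only says something when we are root. */
    if (!is_root)
        return RAW_INCONCLUSIVE;
    if (err == EPERM || err == EACCES)
        return RAW_DENIED;
    /* Any other error (e.g. no IPv4 in this jail) is not a permission answer. */
    return RAW_INCONCLUSIVE;
}

/* Run the probe once and release the socket if one was created. */
enum probe_result probe_raw_sockets(void)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    int err = (fd < 0) ? errno : 0;
    enum probe_result r = classify_probe(geteuid() == 0, fd, err);

    if (fd >= 0)
        close(fd);
    if (r == RAW_INCONCLUSIVE)
        fprintf(stderr, "inconclusive: euid=%d, %s\n", (int)geteuid(), strerror(err));
    return r;
}

int main(void)
{
    static const char *const label[] = { "allowed", "denied", "inconclusive" };

    printf("raw sockets: %s\n", label[probe_raw_sockets()]);
    return 0;
}
```

Comparing the result with `jls -nj jtest01 allow.raw_sockets` on the host confirms that the jail's configured value is the one actually enforced.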


