Date: Mon, 22 Sep 2008 15:52:43 +0000 (UTC)
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To: Randy Schultz <schulra@earlham.edu>
Cc: freebsd-jail@freebsd.org
Subject: Re: request for (security) comments on this setup
Message-ID: <20080922155111.T65801@maildrop.int.zabbadoz.net>
In-Reply-To: <Pine.BSF.4.64.0809220809440.16549@tdream.lly.earlham.edu>
References: <Pine.BSF.4.64.0809220809440.16549@tdream.lly.earlham.edu>

On Mon, 22 Sep 2008, Randy Schultz wrote:

Hi,

> I'm mounting some iSCSI storage in a jail.  It's mounting in the jail via
> fstab.<jailname>.  When the jail is up and I'm logged into the jail I can cd
> to the mount point, r/w etc., everything seems to work.  What's weird tho' is,
> while a df on the parent shows the partition mounted as expected, a df inside
> the jail shows the local disk but not the iSCSI mount.
> ...
> So, my first question is what am I missing, the second is does mounting things
> this way into a jail pose any sort of risk for escaping the jail?

Does anything change if you do a

    sysctl security.jail.enforce_statfs=1

If that's what you want you can add the following lines to
/etc/sysctl.conf in the base system so it is automatically set upon
boot:

    # jails
    security.jail.enforce_statfs=1

/bz

-- 
Bjoern A. Zeeb
Stop bit received. Insert coin for new game.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080922155111.T65801>
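
Added example, not part of the original message or of FreeBSD: a small Python model of how the three security.jail.enforce_statfs levels documented in jail(8) filter the mount list that df sees from inside a jail. The function name, the jail root /jails/www and the mount table are constructed for illustration.

```python
import posixpath

def _under(path, parent):
    """True if path equals parent or lies below it."""
    parent = parent.rstrip("/")
    return path == (parent or "/") or path.startswith(parent + "/")

def jail_statfs_view(host_mounts, jail_root, enforce_statfs):
    """Return (host mount point, path shown inside the jail) pairs.

    Simplified model of the jail(8) description:
      0 - all mount points are visible, unrestricted
      1 - only mount points below the jail's root are visible, and the
          jail root prefix is removed from their path names
      2 - only the file system holding the jail's root is visible
    """
    if enforce_statfs not in (0, 1, 2):
        raise ValueError("enforce_statfs must be 0, 1 or 2")
    mounts = [posixpath.normpath(m) for m in host_mounts]
    root = posixpath.normpath(jail_root)
    if enforce_statfs == 0:
        return [(m, m) for m in sorted(mounts)]
    # The file system holding the jail root is the longest mount point
    # that is a prefix of the root; the jail sees it as "/".
    holder = max((m for m in mounts if _under(root, m)), key=len)
    view = [(holder, "/")]
    if enforce_statfs == 1:
        for m in sorted(mounts):
            if m != holder and _under(m, root):
                view.append((m, m[len(root.rstrip("/")):]))
    return view

# Constructed host mount table: local disk plus a volume mounted
# inside the jail's tree from the host (as via fstab.<jailname>).
HOST_MOUNTS = ["/", "/usr", "/jails/www/data"]
JAIL_ROOT = "/jails/www"

if __name__ == "__main__":
    for level in (0, 1, 2):
        print(level, jail_statfs_view(HOST_MOUNTS, JAIL_ROOT, level))
```

At level 2 the model lists only the local disk, which is the df output described in the quoted question; at level 1 the extra mount appears as /data, with the host-side prefix hidden from the jail.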