Date: Mon, 14 Jan 2002 20:30:32 +0300 From: zhuravlev alexander <zaa@ulstu.ru> To: security@freebsd.org Subject: Re: jail and NFS Message-ID: <20020114203031.A59312@ulstu.ru> In-Reply-To: <Pine.NEB.3.96L.1020114094053.25539D-100000@fledge.watson.org> References: <20020114160455.A44661@ulstu.ru> <Pine.NEB.3.96L.1020114094053.25539D-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jan 14, 2002 at 09:42:26AM -0500, Robert Watson wrote: > If the NFS mount is visible in the jail's namespace, then the jailed > processes can access it subject to normal access control restrictions. > However, processes in jail are not permitted to mount, remount, or unmount > filesystems, so any access to NFS must be configured by a process outside > the jail (and preferably, before any untrusted processes run in the jail, > so as to prevent racing and path-based games). Typically, when using NFS > with a jail, I'll do the NFS mounting prior to actually starting the jail. > thank you. i assume that this is right way too. > Robert N M Watson FreeBSD Core Team, TrustedBSD Project > robert@fledge.watson.org NAI Labs, Safeport Network Services > ps. and as all the time :) sorry for my ugly english :) -- zhuravlev alexander u l s t u c t c e-mail:zaa@ulstu.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020114203031.A59312>