Date: Mon, 14 Jan 2002 09:42:26 -0500 (EST) From: Robert Watson <rwatson@freebsd.org> To: zhuravlev alexander <zaa@ulstu.ru> Cc: security@freebsd.org Subject: Re: jail and NFS Message-ID: <Pine.NEB.3.96L.1020114094053.25539D-100000@fledge.watson.org> In-Reply-To: <20020114160455.A44661@ulstu.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
If the NFS mount is visible in the jail's namespace, then the jailed processes can access it subject to normal access control restrictions. However, processes in jail are not permitted to mount, remount, or unmount filesystems, so any access to NFS must be configured by a process outside the jail (and preferably, before any untrusted processes run in the jail, so as to prevent racing and path-based games). Typically, when using NFS with a jail, I'll do the NFS mounting prior to actually starting the jail. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services On Mon, 14 Jan 2002, zhuravlev alexander wrote: > hello > is it possible in jailed box mount nfs shares ? > > thanks. > sorry if this is not correct list to post this message. > > -- > zhuravlev alexander > u l s t u c t c > e-mail:zaa@ulstu.ru > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1020114094053.25539D-100000>