On 2006.03.16 14:31:35 +0000, Jesus R. Camou wrote: > jcamou 2006-03-16 14:31:35 UTC > > FreeBSD src repository (doc committer) > > Modified files: > usr.sbin/jail jail.8 > Log: > Do `mount_devfs' when starting a jail.
That is a very bad idea without further explaining the risks, since it will allow root in the jail more or less full access to the entire system since several non-safe device node are exported like disk and memory devices. To mount a devfs safely inside devfs rules must be set up. Could you please add a big warning, or even better, the commads to setup devfs rules for a jail /dev, like is done by the jail rc.d script? See also http://cvsweb.freebsd.org/src/usr.sbin/jail/jail.8#rev1.44 -- Simon L. Nielsen
pgp7LyOmrRrW5.pgp
Description: PGP signature
