On Mon, Nov 30, 2009 at 10:14 AM, Ivan Voras <[email protected]> wrote: >> What's the sane solution, then, when the only method of communication >> is unix domain sockets? > > It is a security problem. I think the long-term solution would be to add a > sysctl analogous to security.jail.param.securelevel to handle this.
Out of curiosity, why is allowing accessing to a Unix domain socket in a filesystem to which a jail has explicitly been allowed access more or less secure than allowing access to a file or a devfs node in a filesystem to which a jail has explicitly been allowed access? _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[email protected]"
