On Mon, 30 Nov 2009, Ivan Voras wrote:
What's the sane solution, then, when the only method of communication is
unix domain sockets?
It is a security problem. I think the long-term solution would be to add a
sysctl analogous to security.jail.param.securelevel to handle this.
I don't think there is a workaround right now.
I'm not sure I agree on the above, hence my comments about nullfs and unionfs.
I see nullfs as intended to provide references (possibly masked to read-only)
to the same fundamental object, and unionfs to provide independence between
different consumers that see objects via different file system mounts. As
such, I'd expect UNIX domain sockets to "work" for inter-jail communication
when using nullfs, and "not work" when using unionfs. It's simply a property
of the implementation of the linkage between VFS and UNIX domain sockets that
they are currently both broken (in fact, someone tried to "fix" it with union
mounts recenty, running into the use-after-free bugs I mentioned, but also
breaking the semantics in my view).
Robert N M Watson
Computer Laboratory
University of Cambridge
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
