Greetings. I want to set up a jail for a web server. It only needs to
access the things a normal system would (its own disk space, the
network controller, the keyboard, and so on). I need to be SSHing
into the jailed system to control it.
The manpage for jail says:
NOTE: It is important that only appropriate device nodes in devfs be
exposed to a jail; access to disk devices in the jail may permit pro-
cesses in the jail to bypass the jail sandboxing by modifying files out-
side of the jail. See devfs(8) for information on how to use devfs rules
to limit access to entries in the per-jail devfs.
What should I do for /etc/devfs.rules on the host? What should I be excluding?
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
