Quoting Tommy Pham <[EMAIL PROTECTED]> (from Thu, 21 Feb 2008 04:16:58 -0800 (PST)):

> Hi,
>
> Could someone please explain to me the difference between host and jail
> when the security.jail settings are as follows:
>
> security.jail.mount_allowed: 1

You are allowed to use mount inside the jail.

> security.jail.chflags_allowed: 1

You are allowed to change file flags.

> security.jail.allow_raw_sockets: 1

You can ping from inside the jail (actually: you can create any kind
of network traffic, not only system generated TCP/UDP packets, the
most visible change from a user point of view is that you can ping).

> security.jail.enforce_statfs: 2

Don't display FSes outside of a jail to processes inside a jail.

> security.jail.sysvipc_allowed: 1

You can use sysv shared resources (ipcs -a) in a jail. Warning: this
means that every jail is able to access the same shared resources,
whether they belong to the same jail or not.

> security.jail.socket_unixiproute_only: 1

Have a look at the man page of jail, I cannot produce a shorter
explanation (and I would have to look it up there myself to get the
details right).

> security.jail.set_hostname_allowed: 1

You are allowed to change your hostname from inside the jail. A change
would affect the data in /proc (have a look at the man page of jail to
read more).

Bye,
Alexander.

--
To see the IP addresses currently set on your active interfaces, type
"ifconfig -u".
-- Dru <[EMAIL PROTECTED]>
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137
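
The check below is an added example, not part of the original message or of FreeBSD: it reads `sysctl security.jail` output and reports every knob that is more permissive than a restrictive baseline. The baseline values, the function names and the sample input (built from the settings quoted in the question) are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical restrictive baseline as name=value pairs (an assumption for
# this example, not a recommendation taken from the message above).
JAIL_BASELINE='mount_allowed=0 chflags_allowed=0 allow_raw_sockets=0 enforce_statfs=2 sysvipc_allowed=0 socket_unixiproute_only=1 set_hostname_allowed=0'

# Reads "security.jail.<name>: <value>" lines on stdin and prints one
# RELAXED line per setting that grants a jail more than the baseline does.
audit_jail_sysctls() {
    awk -v baseline="$JAIL_BASELINE" '
    BEGIN {
        n = split(baseline, rows, " ")
        for (i = 1; i <= n; i++) { split(rows[i], kv, "="); want[kv[1]] = kv[2] }
    }
    /^security\.jail\.[a-z_]+:[ \t]*[0-9]+[ \t]*$/ {
        name = $1
        sub(/^security\.jail\./, "", name)
        sub(/:$/, "", name)
        val = $2 + 0
        if (!(name in want)) { printf "UNKNOWN %s=%d\n", name, val; next }
        # enforce_statfs and socket_unixiproute_only restrict more as the
        # value rises; the other knobs grant more as the value rises.
        if (name == "enforce_statfs" || name == "socket_unixiproute_only")
            relaxed = (val < want[name] + 0)
        else
            relaxed = (val > want[name] + 0)
        if (relaxed)
            printf "RELAXED %s=%d (baseline %s)\n", name, val, want[name]
    }'
}

# Constructed sample: the seven values listed in the question.
sample_from_post() {
    cat <<'EOF'
security.jail.mount_allowed: 1
security.jail.chflags_allowed: 1
security.jail.allow_raw_sockets: 1
security.jail.enforce_statfs: 2
security.jail.sysvipc_allowed: 1
security.jail.socket_unixiproute_only: 1
security.jail.set_hostname_allowed: 1
EOF
}

# On a FreeBSD host, feed live values instead:
#   sysctl security.jail | audit_jail_sysctls
sample_from_post | audit_jail_sysctls
```

With the settings from the question, the two knobs that stay silent are enforce_statfs and socket_unixiproute_only, since both already sit at the baseline's restrictive value.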