--- Alexander Leidinger <[EMAIL PROTECTED]> wrote:

> Quoting Tommy Pham <[EMAIL PROTECTED]> (from Thu, 21 Feb 2008 04:16:58 -0800 (PST)):
>
> > Hi,
> >
> > Could someone please explain to me the difference between host and jail
> > when the security.jail settings are as follows:
> >
> > security.jail.mount_allowed: 1
>
> You are allowed to use mount inside the jail.
>
> > security.jail.chflags_allowed: 1
>
> You are allowed to change file flags.
>
> > security.jail.allow_raw_sockets: 1
>
> You can ping from inside the jail (actually: you can create any kind
> of network traffic, not only system generated TCP/UDP packets; the
> most visible change from a user point of view is that you can ping).
>
> > security.jail.enforce_statfs: 2
>
> Don't display FSes outside of a jail to processes inside a jail.
>
> > security.jail.sysvipc_allowed: 1
>
> You can use sysv shared resource (ipcs -a) in a jail. Warning: this
> means that every jail is able to access the same shared resources, if
> they belong to the same jail or not.
>
> > security.jail.socket_unixiproute_only: 1
>
> Have a look at the man page of jail, I can not produce a shorter
> explanation (and I would have to look it up there myself to get the
> details right).
>
> > security.jail.set_hostname_allowed: 1
>
> You are allowed to change your hostname from inside the jail. A change
> would affect the data in /proc (have a look at the man page of jail to
> read more).
>
> Bye,
> Alexander.
>
> --
> To see the IP addresses currently set on your active interfaces, type
> "ifconfig -u".
>     -- Dru <[EMAIL PROTECTED]>
>
> http://www.Leidinger.net  Alexander @ Leidinger.net: PGP ID = B0063FE7
> http://www.FreeBSD.org    netchild @ FreeBSD.org  : PGP ID = 72077137

Hi Alexander,

Thanks for the reply. I understand what those options do, but what I'm trying to ask is: as I've set those options for the jails, what other differences are there between the host and jail environments, since turning on those options lessens the jail's restriction of resources, similar or exactly as in the host environment?

Thanks,
Tommy

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
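
The settings discussed in this thread can be checked mechanically. The script below is an added example, not part of the original messages: it reads `sysctl security.jail` style output and lists the values that loosen jail isolation. The function names are hypothetical, and the restrictive values assumed for `enforce_statfs` and `socket_unixiproute_only` are taken from jail(8) rather than from the thread.

```sh
#!/bin/sh
# Added example (not from the thread): list security.jail.* values that
# loosen jail isolation. Input format is `sysctl security.jail` output.

# Constructed sample: the settings quoted in the thread.
sample_sysctl_output() {
    cat <<'EOF'
security.jail.mount_allowed: 1
security.jail.chflags_allowed: 1
security.jail.allow_raw_sockets: 1
security.jail.enforce_statfs: 2
security.jail.sysvipc_allowed: 1
security.jail.socket_unixiproute_only: 1
security.jail.set_hostname_allowed: 1
EOF
}

# Reads "name: value" lines on stdin; prints "name=value" for each setting
# whose value relaxes a restriction. Other lines are ignored.
relaxed_jail_sysctls() {
    while IFS= read -r line; do
        case "$line" in
            security.jail.*:*) ;;
            *) continue ;;
        esac
        name=${line%%:*}
        value=${line#*:}
        value=${value# }
        case "$name" in
            # Permission knobs: 1 grants the jail the capability.
            security.jail.mount_allowed|security.jail.chflags_allowed|\
            security.jail.allow_raw_sockets|security.jail.sysvipc_allowed|\
            security.jail.set_hostname_allowed)
                if [ "$value" = "1" ]; then echo "$name=$value"; fi ;;
            # 2 hides filesystems outside the jail; lower values show more
            # (assumption taken from jail(8)).
            security.jail.enforce_statfs)
                if [ "$value" -lt 2 ] 2>/dev/null; then echo "$name=$value"; fi ;;
            # 1 limits the jail to UNIX, IP and routing sockets (jail(8)).
            security.jail.socket_unixiproute_only)
                if [ "$value" = "0" ]; then echo "$name=$value"; fi ;;
        esac
    done
    return 0
}

sample_sysctl_output | relaxed_jail_sysctls
```

On a host that exposes these global sysctls, the same function can be fed live values with `sysctl security.jail | relaxed_jail_sysctls`.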
