Hi,

I am doing some experimenting with jails at the moment on a FreeBSD 10.0 machine. The jails are all set up manually according to the handbook and man jail. Each jail gets a name and an IP address. Individual ports are then installed via the ports tree.
X is running on the host system. Telnet is used to connect to the jails.

When I now install firefox in a jail and also on the host system, I get the following behaviour.

Scene A

Firefox is already running on the host system. I then start firefox inside the jail firefox. It all seems fine as long as I do not use the history or want to save the visited page. The jailed firefox then sees the history of the firefox running on the host.

Scene B

Firefox is first started inside the jail firefox. When the host system then also starts a firefox, this firefox now sees the history and the filesystem of the jailed firefox.

Is it X that allows the jailed firefox to communicate directly with the firefox running directly on the host? Is there then a way to secure the system?

I then tried programs like gedit or kate and saw only the behaviour I expected. Both programs saw either only resources from inside the jail or only from outside, but never resources from the other side of the fence.

Erich
