Erich Dollansky wrote:
Hi,
I do some experimenting with jails at the moment on a FreeBSD 10.0
machine. The jails are all setup manually according to the handbook and
man jail. Each jail gets a name and an IP address. Individual ports are
then installed via the ports tree.
X is running on the host system. Telnet is used to connect to the jails.
When I install now firefox in a jail and also in the host system, I get
the following behaviour.
Scene A
Firefox runs already on the host system. I start then firefox inside
the jail firefox. It all seems fine as long as I do not use the history
or want to save the visited page. The jailed firefox sees then the
history of the firefox running on the host.
Scene B
Firefox is first started inside the jail firefox. When then the host
system also starts a firefox, this firefox sees now the history and the
filesystem of the jailed firefox.
Is it X that allows the jailed firefox to communicate directly with
firefox running directly on the host?
Is there then a way to secure the system?
I have tried then programs like gedit or kate and saw only the
behaviour I expected. Both programs either saw only resources from
inside the jail or from outside but never resources from the other side
of the fence.
firefox has to be installed where you have xorg and your desktop
installed. Installing firefox in a jail be it self does nothing.
What you think you are seeing is wrong. ssh into jail having firefox is
not running firefox. ssh into the host where xorg and desktop and
firefox is the only to have firefox work to the best of my knowledge.
_______________________________________________
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
