https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211580
--- Comment #14 from Jamie Gritton <[email protected]> --- (In reply to Joe Barbish from comment #13) You can't just wholesale take away sysctl - there are too many things that use the sysctl interface to have a reasonably functional system when you're through. For example: you take away your hostname, your processes. There are individual bits of the MIB that jails shouldn't see, but they're not really the majority and can be handled on a case-by-case basis. And in particular, there's no point in taking away security.jail.jailed. It's a boolean in whether you're in a jail, which has such a wide variety of discoverability that you might as well just put it plain in front of your face. And if you took it away, it would still work, just with ENOENT meaning that you're in a jail. A jail isn't a virtual machine; it was never an attempt to fool the jailed user into thinking that they're not jailed. If you care to look, you will know that you're jailed. You will also know a few different particulars about what your jail can't do, so you can avoid bothering to even try something that doesn't work for your situation. -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "[email protected]"
