https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285782
Olivier Certner <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #10 from Olivier Certner <[email protected]> ---
This works as intended.

Jails actually do not necessarily have a "root filesystem" in the sense of having their '/' be the root of some filesystem, and they do not own the filesystem below their '/' (outside of the jail, operators can move directories that appear within the jail). The combination of the two allows moving directories visible in the jail to outside the jail.

It would be very costly to try to detect and prevent such moves. The caveats have been documented for a while, but probably could be advertised more.

The recommendations I would give here are:
1. Don't move jailed directories from outside their jail (already mentioned in jail(8)).
2. Prevent unprivileged users from accessing a jail's file hierarchy (already mentioned in jail(8)).
3. If possible, ensure that each jail's root is some filesystem root (not mentioned in jail(8)).

Note however that 3 won't be enough should ZFS, for example, gain the ability to 'mv' files between different datasets from the same pool. So 1 and 2 are really the most important ones.
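An added example, not part of the original comment and not FreeBSD code: a host-side audit of recommendations 2 and 3 for a list of jail root paths. Recommendation 1 is an operating practice and is not checked here. Assumptions: the function names are hypothetical, only the "other" mode bits are inspected (group membership and ACLs are ignored), and the script runs as root on the host with the jail paths given as arguments.

```python
#!/usr/bin/env python3
"""Audit jail roots against recommendations 2 and 3 of the comment above."""
import os
import stat
import sys


def is_fs_root(path):
    """Recommendation 3: the jail's '/' is the root of a mounted filesystem."""
    return os.path.ismount(os.path.realpath(path))


def dirs_blocking_others(path):
    """Recommendation 2: directories on the way to the jail root (itself
    included) that deny search permission to "other" users. An empty
    result means any local user can walk into the jail's file hierarchy."""
    blocking = []
    current = os.path.realpath(path)
    while True:
        if not os.stat(current).st_mode & stat.S_IXOTH:
            blocking.append(current)
        parent = os.path.dirname(current)
        if parent == current:  # reached '/'
            return blocking
        current = parent


def audit(jail_roots):
    """Return {path: [findings]}; an empty list means both checks passed."""
    report = {}
    for root in jail_roots:
        findings = []
        if not is_fs_root(root):
            findings.append("not a filesystem root")
        if not dirs_blocking_others(root):
            findings.append("reachable by unprivileged users")
        report[root] = findings
    return report


if __name__ == "__main__":
    # Jail root paths are passed as arguments (assumption: collected by the
    # operator on the host, for example from the jail configuration).
    results = audit(sys.argv[1:])
    for root, findings in results.items():
        print(f"{root}: {'; '.join(findings) or 'ok'}")
    sys.exit(1 if any(results.values()) else 0)
```

A jail that passes the filesystem-root check is still subject to the caveat in the comment: recommendations 1 and 2 remain the important ones.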
