Current problem reports assigned to freebsd-jail@FreeBSD.org
Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases.

S Tracker      Resp.  Description
o bin/189139   jail   [patch] fix bug in jail(8) variable substitution
o kern/188753  jail   [jail] mount devfs ruleset ignored
o kern/188495  jail   [jail] /etc/rc.d/jail, ezjail and Linux jails don't wo
o kern/188018  jail   [jail] [vimage] Running pfctl -sr -v in Jail with VIMA
o kern/186360  jail   [jail] jail using nullfs and unionfs doesn't mount dev
o kern/184719  jail   [jail] Starting jails: cannot start jail domain_com:
o bin/181794   jail   jexec(8) runs commands in Jails without taking into ac
o conf/181650  jail   [jail] [patch] /etc/rc.d/jail fails if a kernel built
o kern/180916  jail   [jail] [regression] jail startup is broken for 8.4 wit
o kern/180067  jail   [jail] [patch] fix multicast support within jails
o bin/178302   jail   jail(8): unknown parameter: ip6.addr when kernel compi
o kern/176112  jail   [jail] [panic] kernel panic when starting jails
o kern/174902  jail   [jail] jail should provide validator for jail names
o bin/173469   jail   [jail] regression: security.jail.sysvipc_allowed=1 no
o kern/169751  jail   [jail] reading routing information does not work in ja
o bin/167911   jail   new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail   [jail] inter-jail communication failure
o kern/156111  jail   [jail] procstat -b not supported in jail
o misc/155765  jail   [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail   [jail] [patch] Bad symlink created if devfs mount poin
s conf/142972  jail   [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail   [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail   [jail] is there a solution how to run nfs client in ja
o kern/119842  jail   [smbfs] [jail] Bad address with smbfs inside a jail
o bin/99566    jail   [jail] [patch] fstat(1) according to specified jid

25 problems total.

___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
Can Firefox break out of a jail
Hi,

I do some experimenting with jails at the moment on a FreeBSD 10.0 machine. The jails are all set up manually according to the handbook and man jail. Each jail gets a name and an IP address. Individual ports are then installed via the ports tree. X is running on the host system. Telnet is used to connect to the jails.

When I install now firefox in a jail and also in the host system, I get the following behaviour.

Scene A

Firefox runs already on the host system. I start then firefox inside the jail firefox. It all seems fine as long as I do not use the history or want to save the visited page. The jailed firefox sees then the history of the firefox running on the host.

Scene B

Firefox is first started inside the jail firefox. When then the host system also starts a firefox, this firefox sees now the history and the filesystem of the jailed firefox.

Is it X that allows the jailed firefox to communicate directly with firefox running directly on the host? Is there then a way to secure the system?

I have tried then programs like gedit or kate and saw only the behaviour I expected. Both programs either saw only resources from inside the jail or from outside but never resources from the other side of the fence.

Erich
Re: Can Firefox break out of a jail
Erich Dollansky wrote:

> Hi,
>
> I do some experimenting with jails at the moment on a FreeBSD 10.0 machine. The jails are all set up manually according to the handbook and man jail. Each jail gets a name and an IP address. Individual ports are then installed via the ports tree. X is running on the host system. Telnet is used to connect to the jails.
>
> When I install now firefox in a jail and also in the host system, I get the following behaviour.
>
> Scene A
>
> Firefox runs already on the host system. I start then firefox inside the jail firefox. It all seems fine as long as I do not use the history or want to save the visited page. The jailed firefox sees then the history of the firefox running on the host.
>
> Scene B
>
> Firefox is first started inside the jail firefox. When then the host system also starts a firefox, this firefox sees now the history and the filesystem of the jailed firefox.
>
> Is it X that allows the jailed firefox to communicate directly with firefox running directly on the host? Is there then a way to secure the system?
>
> I have tried then programs like gedit or kate and saw only the behaviour I expected. Both programs either saw only resources from inside the jail or from outside but never resources from the other side of the fence.

firefox has to be installed where you have xorg and your desktop installed. Installing firefox in a jail by itself does nothing. What you think you are seeing is wrong. ssh into jail having firefox is not running firefox. ssh into the host where xorg and desktop and firefox is the only way to have firefox work to the best of my knowledge.
Re: Can Firefox break out of a jail
On Mon, May 5, 2014 at 1:58 PM, Erich Dollansky erichsfreebsdl...@alogt.com wrote:

> Hi,
>
> I do some experimenting with jails at the moment on a FreeBSD 10.0 machine. The jails are all set up manually according to the handbook and man jail. Each jail gets a name and an IP address. Individual ports are then installed via the ports tree. X is running on the host system. Telnet is used to connect to the jails.
>
> When I install now firefox in a jail and also in the host system, I get the following behaviour.
>
> Scene A
>
> Firefox runs already on the host system. I start then firefox inside the jail firefox. It all seems fine as long as I do not use the history or want to save the visited page. The jailed firefox sees then the history of the firefox running on the host.
>
> Scene B
>
> Firefox is first started inside the jail firefox. When then the host system also starts a firefox, this firefox sees now the history and the filesystem of the jailed firefox.
>
> Is it X that allows the jailed firefox to communicate directly with firefox running directly on the host? Is there then a way to secure the system?
>
> I have tried then programs like gedit or kate and saw only the behaviour I expected. Both programs either saw only resources from inside the jail or from outside but never resources from the other side of the fence.
>
> Erich

Firefox is a strange beast in regards to running it on a remote host. It needs to be started as firefox --no-remote to not find local running instance and connect to it. How that happens I don't know...

Best regards
Andreas
Re: Can Firefox break out of a jail
Hi,

On Mon, 05 May 2014 08:22:37 -0400 Fbsd8 fb...@a1poweruser.com wrote:

> Erich Dollansky wrote:
>
> > Hi,
> >
> > I do some experimenting with jails at the moment on a FreeBSD 10.0 machine. The jails are all set up manually according to the handbook and man jail. Each jail gets a name and an IP address. Individual ports are then installed via the ports tree. X is running on the host system. Telnet is used to connect to the jails.
> >
> > When I install now firefox in a jail and also in the host system, I get the following behaviour.
> >
> > Scene A
> >
> > Firefox runs already on the host system. I start then firefox inside the jail firefox. It all seems fine as long as I do not use the history or want to save the visited page. The jailed firefox sees then the history of the firefox running on the host.
> >
> > Scene B
> >
> > Firefox is first started inside the jail firefox. When then the host system also starts a firefox, this firefox sees now the history and the filesystem of the jailed firefox.
> >
> > Is it X that allows the jailed firefox to communicate directly with firefox running directly on the host? Is there then a way to secure the system?
> >
> > I have tried then programs like gedit or kate and saw only the behaviour I expected. Both programs either saw only resources from inside the jail or from outside but never resources from the other side of the fence.
>
> firefox has to be installed where you have xorg and your desktop installed. Installing firefox in a jail by itself does nothing. What you think you are seeing is wrong. ssh into jail having firefox is not running firefox. ssh into the host where xorg and desktop and firefox is the only way to have firefox work to the best of my knowledge.

as you can see, I have realised my mistake with the mailing list.

Ok, why is this so? How can firefox started inside a jail see the firefox from outside?

As I am travelling most of my time, I only have my notebook. If I remember right, I used to have in the office a small FreeBSD server which was running as an application server. When I started firefox there via telnet on the other machine, it worked as expected. The remote firefox saw only the 'remote' machine and the local firefox saw only the local machine.

Shouldn't it be the same with a jailed firefox?

Erich
Re: Can Firefox break out of a jail
Hi,

On Mon, 5 May 2014 14:27:23 +0200 Andreas Nilsson andrn...@gmail.com wrote:

> On Mon, May 5, 2014 at 1:58 PM, Erich Dollansky erichsfreebsdl...@alogt.com wrote:
>
> Firefox is a strange beast in regards to running it on a remote host. It needs to be started as firefox --no-remote to not find local running instance and connect to it. How that happens I don't know...

thanks, that is the solution. It seems that I used this before but forgot about it.

Erich
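
The fix confirmed in this thread, as an added example that is not part of the original posts: a POSIX sh launcher for use inside the jail that always passes `--no-remote`, so the jailed Firefox does not connect to an instance already running on the shared X display. The function names, the `FIREFOX_BIN` and `JAIL_FIREFOX_PROFILE` variables and the pinned jail-local profile directory are assumptions of this example.

```shell
#!/bin/sh
# Added example: launcher for a jailed Firefox on a shared X display.
# Assumptions (not from the thread): FIREFOX_BIN, JAIL_FIREFOX_PROFILE,
# and the choice to pin an explicit profile directory inside the jail.

# has_arg WANT ARGS... : succeed if WANT appears verbatim among ARGS.
has_arg() {
    want=$1
    shift
    for a in "$@"; do
        [ "$a" = "$want" ] && return 0
    done
    return 1
}

# launch_jailed_firefox ARGS... : start Firefox so that it never hands
# the request to an already running instance, and so that it uses a
# profile directory that lives in the jail's own filesystem.
launch_jailed_firefox() {
    profile=${JAIL_FIREFOX_PROFILE:-$HOME/.mozilla/jail-profile}

    # Add --no-remote exactly once (both spellings are accepted).
    if ! has_arg --no-remote "$@" && ! has_arg -no-remote "$@"; then
        set -- --no-remote "$@"
    fi

    # Pin the profile unless the caller already selected one.
    if ! has_arg --profile "$@" && ! has_arg -profile "$@" \
        && ! has_arg -P "$@"; then
        mkdir -p "$profile"
        set -- --profile "$profile" "$@"
    fi

    "${FIREFOX_BIN:-firefox}" "$@"
}

# Typical use from a wrapper script inside the jail:
#   launch_jailed_firefox "$@"
```
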