On Wed, 29 Jan 2014, Alexander Leidinger wrote:

> It does. I included a warning in jail.8 that this will pretty much undo jail security. There are still reasons some may want to do this, but it's definitely not for everyone or even most people.
>
> It only "unjails" (= basically the same security level as the jail-host with the added benefit of the flexibility of a jail like easy moving from one system to another) the jail which has this flag set. All other jails without the flag cannot "escape" to the host.
>
> I also have to add that just setting this flag does not give access to the host, you also have to configure a non-default devfs rule for this jail (to have the devices appear in the jail).

This is not correct: devices do not need to be delegated in devfs for PRIV_IO to allow bypass of the Jail security model, due to sysarch() and the Linux-emulated equivalent, which turn out direct I/O access from a user process without use of a device node.

Frankly, I'd like to see this backed out and not reintroduced. If it must be retained, then it needs a much more clear warning that enabling this feature disables Jail's security model. Don't use the word 'obviate', instead explicitly state that root within the jail can escape the jail.

Robert
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head