On 31 January 2014 18:28, James Gritton <ja...@freebsd.org> wrote: > On 1/31/2014 5:34 AM, Robert Watson wrote:
>> Frankly, I'd like to see this backed out and not reintroduced. If it must >> be retained, then it needs a much more clear warning that enabling this >> feature disables Jail's security model. Don't use the word 'obviate', >> instead explicitly state that root within the jail can escape the jail. >> >> Robert > > I'll do at least the next-best thing: back it out and hope to re-introduce > it. Clearly it could use some further discussion. How about outputting both a kernel (i.e. logged) and userland messages when the jail is created (or the parameter is changed, if it can?) which say something like "DANGER! The root within this jail (jid=%d) can escape the jail" or something like it? That seems reasonably loud. _______________________________________________ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"