kern/55163: [patch] hide kld system details from jails

Yar Tikhiy yar at
Tue Aug 5 06:50:19 PDT 2003

The following reply was made to PR kern/55163; it has been noted by GNATS.

From: Yar Tikhiy <yar at>
To: Dmitry Morozovsky <marck at>
Cc: FreeBSD-gnats-submit at
Subject: Re: kern/55163: [patch] hide kld system details from jails
Date: Tue, 5 Aug 2003 17:44:32 +0400

 On Mon, Aug 04, 2003 at 12:26:23PM +0400, Dmitry Morozovsky wrote:
 > Well, security thru obscurity is not the best technique ;-)
 > However, it seems that reveal too much info about host system for jail user,
 > or even for jail admin, is not always the best. We plan to use it together with
 > Pawel Jakub Dawidek's jailfsstat kernel module.
 > This code path is rare, so no performance problem I think. Any objections?
 The only objection I can see is that a generalized framework for
 restricting system interfaces within a jail should be developed
 instead of sticking in "if (foo_allowed)" everywhere.

More information about the freebsd-bugs mailing list