jails, cron and sendmail

David King dking at ketralnis.com
Mon Aug 28 16:22:07 UTC 2006


>>>> The default configuration doesn't expose sendmail to the publicly
>>>> visible IP address. The daemon it runs only listens for
>>>> connections to the localhost address.
>>> Which is rewritten to the jail's (externally visible) address on a
>>> connect()
>> Yup. I wasn't aware of that strange behavior of jails. That should be
>> fixed.
> Fixed how? Disallow jailed applications to connect to 127.0.0.1,
> and thus break most of them, or have them reach 127.0.0.1 on the
> host system and weaken the security?

Would it be too much to ask to let the system keep lo0, and give the  
first jail lo1, the second jail lo2...? That is, a separate loopback  
for each jail?


More information about the freebsd-hackers mailing list