cvs commit: src/sys/kern kern_jail.c
Pawel Jakub Dawidek
pjd at FreeBSD.org
Sun Feb 15 08:21:53 PST 2004
On Sat, Feb 14, 2004 at 11:19:48AM -0800, Robert Watson wrote:
+> Commiter: Robert Watson <rwatson at FreeBSD.org>
+> Branch: HEAD
+>
+> Files:
+> 1.38 src/sys/kern/kern_jail.c
+>
+> Log:
+> By default, don't allow processes in a jail to list the set of
+> jails in the system. Previous behavior (allowed) may be restored
+> by setting security.jail.list_allowed=1.
Are you planning to leave this sysctl?
IMHO the previous behaviour was just bad, this was a bug, and restoring
this behaviour shouldn't be permitted.
But if this sysctl is just a temporary solution and will be removed in
the future, it is ok (but maybe BURN_BRIDGES should be added?).
PS. This functionality is quite fresh, I'm not sure if someone started
to depend on it...
--
Pawel Jakub Dawidek http://www.FreeBSD.org
pjd at FreeBSD.org http://garage.freebsd.pl
FreeBSD committer Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-src/attachments/20040215/ff35a8db/attachment.bin
More information about the cvs-src
mailing list