Call for a hacker.... security.bsd.see_other_uids in jails only
Pawel Jakub Dawidek
pjd at FreeBSD.org
Fri May 21 01:02:46 PDT 2004
On Thu, May 20, 2004 at 11:01:45PM +0100, Josef Karthauser wrote:
+> I was wondering whether someone might help me out.
+>
+> There's a couple of sysctls in -current:
+>
+> security.bsd.see_other_uids: 1
+> security.bsd.see_other_gids: 1
+>
+> These effectively allow one to prevent users from spying on each
+> other.
+>
+> What I need to do is to disable these within jails, but not in the
+> host enviroment. The reason I need this is that I'm running the
+> FreeBSD election on a box of mine, but I don't want to have to clear
+> these globally.
+>
+> Would someone have the time to hack me a patch to do this? It doesn't
+> have to be clean, although evenually I'd like to see something like
+> this committed to freebsd operating on a sysctl.
Implementation wouldn't be probably too hard, but I can't agree it should
be committed. We need to know where jail's virtualization ends and I think
it is too far. Of course it will be cool to have those sysctl on per-jail
basics, as well as others from security.bsd. tree
(like security.bsd.suser_enabled), but I'm not sure this is the right way
to go.
Any other opinions? If someone convince me we should do it, I can do it.
--
Pawel Jakub Dawidek http://www.FreeBSD.org
pjd at FreeBSD.org http://garage.freebsd.pl
FreeBSD committer Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20040521/af91d941/attachment.bin
More information about the freebsd-current
mailing list