Call for a hacker.... security.bsd.see_other_uids in jails only
Gleb Smirnoff
glebius at cell.sick.ru
Fri May 21 01:14:34 PDT 2004
On Fri, May 21, 2004 at 10:02:18AM +0200, Pawel Jakub Dawidek wrote:
P> Implementation wouldn't be probably too hard, but I can't agree it should
P> be committed. We need to know where jail's virtualization ends and I think
P> it is too far. Of course it will be cool to have those sysctl on per-jail
P> basics, as well as others from security.bsd. tree
P> (like security.bsd.suser_enabled), but I'm not sure this is the right way
P> to go.
P>
P> Any other opinions? If someone convince me we should do it, I can do it.
A more general solution will be better, but harder to implement: make
some sysctl branches (e.g. security.bsd) local per jail, and possibility to
change them only from host machine.
--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
More information about the freebsd-current
mailing list