unprivileged users are able to kill certain jailed processes

[Andre Oppermann]

Björn König wrote:
> Hello,
> 
> unprivileged users of the host environment can see jailed processes with 
> the same user ID. Furthermore they are able to send signals to these 
> processes. I think since users are not allowed to imprison processes 
> there is no reason why they should see them or even kill them.

 From the hosts point of view a jail is like a user and all processes in
that jail are of that user.  If you have normal users on the host and
have jails under the same user id then, yea, tough luck.  You're not
supposed to do that.  The purpose of jail is to protect the host from
what is running in the jail, not the other way around.

-- 
Andre