security.bsd.see_other_uids for jails

Anatoli Klassen anatoli at
Mon May 29 07:39:04 PDT 2006

David Malone wrote:
> On Sun, May 28, 2006 at 03:46:06PM +0200, Anatoli Klassen wrote:
>> if security.bsd.see_other_uids is set to 0, users from the main system 
>> can still see processes from jails if they have (by accident) the save uid.
>> For me it's wrong behavior because the main system and the jail are two 
>> different systems where uids are independent.
> You could try the following (untested) patch to the MAC seeotheruid
> module. You'd need to compile a kernel with the MAC option and then:

Thanks for the patch, maybe I'll need something like that for my 

But my question is if it's really intended that jail is not real virtual 
system but just a way to limit interaction from jail to host and not 
vice versa.

If it's the case than this has to be specified in jail(8).


More information about the freebsd-hackers mailing list