request for (security) comments on this setup
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Mon Sep 22 15:55:08 UTC 2008
On Mon, 22 Sep 2008, Randy Schultz wrote:
Hi,
> I'm mounting some iSCSI storage in a jail. It's mounting in the jail via
> fstab.<jailname>. When the jail is up and I'm logged into the jail I can cd
> to the mount point, r/w etc., everything seems to work. What's weird tho'
> is,
> while a df on the parent shows the partion mounted as expected, a df inside
> the jail shows the local disk but not the iSCSI mount.
> ...
> So, my first question is what am I missing, the second is does mounting
> things
> this way into a jail pose any sort of risk for escaping the jail?
Does anything change if you do a
sysctl security.jail.enforce_statfs=1
If that's what you want you can add the following lines to
/etc/sysctl.conf in the base system so it is automatically set upon
boot:
# jails
security.jail.enforce_statfs=1
/bz
--
Bjoern A. Zeeb Stop bit received. Insert coin for new game.
More information about the freebsd-jail
mailing list