request for (security) comments on this setup
Randy Schultz
schulra at earlham.edu
Mon Sep 22 16:25:40 UTC 2008
On Mon, 22 Sep 2008, Bjoern A. Zeeb spaketh thusly:
-}On Mon, 22 Sep 2008, Randy Schultz wrote:
-}
-}Hi,
-}
-}> I'm mounting some iSCSI storage in a jail. It's mounting in the jail via
-}> fstab.<jailname>. When the jail is up and I'm logged into the jail I can cd
-}> to the mount point, r/w etc., everything seems to work. What's weird tho'
-}> is,
-}> while a df on the parent shows the partion mounted as expected, a df inside
-}> the jail shows the local disk but not the iSCSI mount.
-}> ...
-}> So, my first question is what am I missing, the second is does mounting
-}> things
-}> this way into a jail pose any sort of risk for escaping the jail?
-}
-}Does anything change if you do a
-} sysctl security.jail.enforce_statfs=1
Arg. I never thought to check for a sysctl option. Indeed it does. Tnx much
for the poke.
--
Randy (schulra at earlham.edu) 765.983.1283 <*>
Love with your heart, think with your head; not the other way around.
More information about the freebsd-jail
mailing list