how to make the jail safe for the parent system?
Menshikov Konstantin
kostjn at peterhost.ru
Wed Oct 7 14:47:32 UTC 2009
Andrey Groshev wrote:
> Hi, All!
>
> I understand, what not absolutely normal question, but...
>
> There is I and my server.
> Also there is other person a server responsible for a web.
> Periodically he wants that I would instal some software, but in my
> representation, this software bad or unnecessary.
> I wish to make jail for its and its software.
> To give to this person complete access to it, let does all that wants.
> But, if in the jail create wrong start scripts, then the parent system
> too cannot be started up to the end.
> For example: in jail in /etc/rc.local write /bin/sh
> And that starts all after this prison will not receive handle.
>
> Question: how it to avoid?
>
>
Hi.
I`m think, that this is bug in /etc/rc.d/jail script.
You can fix /etc/rc.d/jail
626 run_rc_command "${cmd}" &
627 sleep 5
instead
626 run_rc_command "${cmd}"
This work.
More information about the freebsd-jail
mailing list