hiding jail processes from users
Steve Wills
steve at mouf.net
Wed May 17 15:08:01 UTC 2017
Hi,
I noticed that users can see jail processes even when
security.bsd.see_other_uids=0 and security.bsd.see_other_gids=0 are set,
if the process happens to be the same UID/GID as the user. So I created
a patch which adds a security.bsd.see_jail_proc sysctl which hides jail
processes from non-root users regardless of see_other_*. The patch is here:
https://reviews.freebsd.org/D10770
Any feedback would be appreciated.
Thanks,
Steve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 638 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-jail/attachments/20170517/e0522f7e/attachment.sig>
More information about the freebsd-jail
mailing list