jail and uname

George Davidovich freebsd at optimis.net
Sat Jul 3 07:21:05 UTC 2010


On Sat, Jul 03, 2010 at 02:13:13PM +0800, Aiza wrote:
> From the console of a jail I issue uname -r and get 8.0-RELEASE-p3,
> which is the release level of the host. I know the jail is running a
> pristine minimum install of 8.0-RELEASE.
> 
> I would think issuing uname from within a jail environment should 
> respond with the info of the jail environment. Is this not a security 
> violation?

I'm guessing your understanding of jails is a bit off.  A FreeBSD jail
isn't a "fully virtualised" system.  As implemented, jails share the
host system's kernel.  The Handbook makes clear that a jail is
essentially defined by a directory subtree, a hostname, an IP address,
and a command.  Well, that, and things like user accounts.

So when you run uname, what's reported is kernel information as stored
in various sysctl(8) MIBs (kern.ostype, kern.osrelease, kern.osrevision,
kern.version, etc.).  And because there's only one kernel, you'll get
the same output from running uname on the host as you would get from
running it inside a jail.

-- 
George
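
Added example, not part of George's message: because uname -r inside a jail reports the shared host kernel, a patch audit has to compare that value against the jail's userland release obtained some other way. The function names are hypothetical, and the userland string is assumed to be supplied by the caller (known from how the jail was installed).

```sh
#!/bin/sh
# Added example; not code from the original post. Function names are
# hypothetical. Release strings follow the form seen above: 8.0-RELEASE-p3.

# Kernel release as uname reports it; inside a jail this is the host's kernel.
kernel_release() {
    uname -r
}

# Split a release string into "<version> <branch> <patchlevel>".
# A missing -pN suffix means patch level 0.
parse_release() {
    rel=$1
    patch=0
    case $rel in
        *-p[0-9]*)
            patch=${rel##*-p}
            rel=${rel%-p*}
            ;;
    esac
    case $rel in
        *-*) version=${rel%%-*}; branch=${rel#*-} ;;
        *)   version=$rel; branch=unknown ;;
    esac
    echo "$version $branch $patch"
}

# Compare a kernel release ($1) with a jail's userland release ($2).
# Assumption: the caller supplies the userland release; uname cannot report it.
# Prints one of: match | patchlevel-differs | version-differs
compare_release() {
    set -- $(parse_release "$1") $(parse_release "$2")
    if [ "$1 $2" != "$4 $5" ]; then
        echo version-differs
    elif [ "$3" != "$6" ]; then
        echo patchlevel-differs
    else
        echo match
    fi
}

# Constructed input: the two values from the thread (host kernel, jail userland).
compare_release "8.0-RELEASE-p3" "8.0-RELEASE"
```

On a live system, pass "$(kernel_release)" as the first argument.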

