Processes started inside a jail are only visible outside the jail

Vlad GALU vladgalu at gmail.com
Fri Feb 24 10:34:41 PST 2006


On 2/24/06, Ricardo A. Reis <ricardo_bsd at yahoo.com.br> wrote:
> Hi Vlad,
>
> See your sysctl.conf per this entries:
>
> sysctl -ad | grep bsd.see
> security.bsd.see_other_gids: Unprivileged processes may see
> subjects/objects with different real gid
> security.bsd.see_other_uids: Unprivileged processes may see
> subjects/objects with different real uid

    They were set to 0, indeed. But I ran "ps" in the jail as root. I
should be seeing that process. For all other processes it seems to
work as expected. Only lighttpd manifests this symptom.
    I had mac_seeotheruids active. When I deactivated it, the problem
went away. Strange ...



>
> Ricardo A. Reis
> UNIFESP
> Unix and Network Admin
>
> > 6.1-PRERELEASE
> >
> > Inside the jail:
> > root at j1 / # /usr/local/sbin/lighttpd -f /usr/local/etc/lighttpd.conf
> > root at j1 / #
> > root at j1 / # ps ax | grep light
> > 55816  p0  S+J    0:00.00 grep light
> > root at j1 / #
> >
> > Outside the jail:
> > root at host / # ps ax | grep light
> >  6263  ??  S      0:47.85 /usr/local/sbin/lighttpd -f
> > /usr/local/etc/lighttpd.conf
> > 81204  ??  SJ     0:00.01 /usr/local/sbin/lighttpd -f
> > /usr/local/etc/lighttpd.conf
> > 85151  pa  S+     0:00.00 grep light
> > root at host / #
> >
> >    There are two lighttpd instances - the host runs one as well. The
> > other one is the one started from within the jail.
> >    I don't know where to start investigating from.
> >
> > --
> > If it's there, and you can see it, it's real.
> > If it's not there, and you can see it, it's virtual.
> > If it's there, and you can't see it, it's transparent.
> > If it's not there, and you can't see it, you erased it.
> > _______________________________________________
> > freebsd-stable at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> > To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
> >
> >
>
>


--
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.
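A diagnostic in the spirit of Ricardo's sysctl check, added here and not part of the thread: it reads a `sysctl -a` style dump on stdin and flags every knob that can hide processes from ps(1), including the mac_seeotheruids knobs Vlad found responsible. The `security.mac.seeotheruids.*` names are assumed from mac_seeotheruids(4); the sample dump is constructed, not taken from the posters' hosts.

```shell
#!/bin/sh
# Added diagnostic, not from the thread. Reads a `sysctl -a` dump on stdin and
# reports each knob that can hide other users' processes from ps(1).
# The security.mac.seeotheruids.* names are assumed from mac_seeotheruids(4).

# Prints "knob=value -> verdict" per relevant knob; returns 1 if any knob restricts.
check_visibility() {
    restricted=0
    while IFS= read -r line; do
        key=${line%%:*}
        val=${line#*: }
        case "$key" in
            security.bsd.see_other_uids|security.bsd.see_other_gids)
                # 0 = unprivileged processes cannot see other uids/gids
                if [ "$val" = "0" ]; then echo "$key=$val -> RESTRICTS"; restricted=1
                else echo "$key=$val -> open"; fi ;;
            security.mac.seeotheruids.enabled)
                # 1 = the MAC module filters by uid regardless of the bsd.* knobs
                if [ "$val" = "1" ]; then echo "$key=$val -> RESTRICTS"; restricted=1
                else echo "$key=$val -> open"; fi ;;
            security.mac.seeotheruids.suser_privileged)
                # 0 = root loses its exemption, so even root's ps is filtered
                if [ "$val" = "0" ]; then echo "$key=$val -> RESTRICTS (root too)"; restricted=1
                else echo "$key=$val -> root exempt"; fi ;;
        esac
    done
    return $restricted
}

# Constructed sample dump: both bsd knobs off and the MAC module enabled.
SAMPLE='security.bsd.see_other_uids: 0
security.bsd.see_other_gids: 0
security.mac.seeotheruids.enabled: 1
security.mac.seeotheruids.suser_privileged: 1
kern.hostname: j1'

if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE" | check_visibility
    echo "exit status: $?"
fi
```

On a real host, run `sysctl -a | check_visibility` both inside and outside the jail and compare the two reports; a non-zero exit is the cue to look at the flagged knob before blaming the daemon.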
