svn commit: r318751 - in head/sys: kern sys
Steve Wills
swills at FreeBSD.org
Mon Oct 23 13:32:03 UTC 2017
Hi,
On 10/21/2017 18:55, Allan Jude wrote:
> On 2017-10-21 18:45, Steven Hartland wrote:
>> Personally I hate that idea as I like being able to see all the processes
>> from the host.
>>
>> I have a similar hate of Linux containers where you have to jump through
>> hoops just to see what's really happening on the host.
>>
>> On Sat, 21 Oct 2017 at 20:29, Allan Jude <allanjude at freebsd.org
>
> Note: this does NOT change root's ability to see the processes in the jail.
>
> It just stops uid 1001 on the host from using the processes owned by uid
> 1001 in each jail, even in the presence of: security.bsd.see_other_uids=0
>
>
I think we'd be doing our users a service by enabling this by default
and avoiding the potential foot-shooting. I'd even be happy if we set
the other security.bsd.see_other_* to 0 by default. Or at least change
the installer to default that way (if it doesn't already? I'm not sure).
Personally, I'm going to do that locally anyway so if we don't do those
things, I won't be upset, but saddened for our users' sake.

Note too that security.bsd.see_jail_proc is partially a workaround for
the fact that security.bsd.see_other_* doesn't work as you might expect.
It's literally the UID/GID, rather than the username, so
security.bsd.see_other_* has no idea that the users in the jail are not
the same users on the host, which is unexpected and counter-intuitive at
best and dangerous at worst. (Even if that were changed,
security.bsd.see_jail_proc is still useful for the potential scenario
where you don't want/need to set security.bsd.see_other_* but don't want
users to see processes in jails.)
Steve
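
The numeric-UID matching described in the message above, as a simplified C model added here for illustration; it is not part of the original message and is not the FreeBSD kernel's code. The `cred` and `policy` structs, the `can_see` function and the flat (non-nested) jail model are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model, NOT the FreeBSD kernel source.
 * jail_id 0 means the host; nested jails are ignored (assumption). */
struct cred { unsigned uid; int jail_id; };

struct policy {
    int see_other_uids;  /* models security.bsd.see_other_uids */
    int see_jail_proc;   /* models security.bsd.see_jail_proc  */
};

/* May a process running as 'viewer' see a process running as 'target'? */
bool can_see(const struct policy *p, struct cred viewer, struct cred target)
{
    /* A jailed viewer does not see outside its own jail. */
    if (viewer.jail_id != 0 && viewer.jail_id != target.jail_id)
        return false;
    /* Per the thread, root's ability to see jail processes is unchanged. */
    if (viewer.uid == 0)
        return true;
    /* Compares the number only: it cannot tell that uid 1001 in a jail
     * is a different user from uid 1001 on the host. */
    if (!p->see_other_uids && viewer.uid != target.uid)
        return false;
    /* The newer knob: hide processes that live in a different jail. */
    if (!p->see_jail_proc && viewer.jail_id != target.jail_id)
        return false;
    return true;
}

int main(void)
{
    struct cred host_user = {1001, 0};  /* constructed sample credentials */
    struct cred jail_user = {1001, 1};  /* same number, different user */
    struct policy uids_only = {0, 1};   /* see_other_uids=0 alone */
    struct policy both      = {0, 0};   /* plus see_jail_proc=0 */

    printf("see_other_uids=0 only:        %s\n",
           can_see(&uids_only, host_user, jail_user) ? "visible" : "hidden");
    printf("with see_jail_proc=0 as well: %s\n",
           can_see(&both, host_user, jail_user) ? "visible" : "hidden");
    return 0;
}
```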