svn commit: r224462 - stable/8/usr.sbin/jail
jhell at DataIX.net
Thu Jul 28 23:31:23 UTC 2011
On Thu, Jul 28, 2011 at 10:40:19AM +0100, Robert Watson wrote:
> On Wed, 27 Jul 2011, Glen Barber wrote:
> >> How is either one of these different?
> >> All mv(1) is doing is a cp(1) & rm(1). In either case the filehandle is
> >> still broken and a process is not going to just get up and move with it. On
> >> the other side though if you copied a pipe or socket or something similar
> >> for example into a jail then it might make whatever is outside available to
> >> the jailed environment.
> >> Is there something I am misunderstanding about this? Has the way cp(1),
> >> rm(1) & mv(1) been changed recently? Or is this wording a little off?
> > The text in the example is just an example of a situation where it may be
> > possible for a process within a jail(8) to gain filesystem access outside of
> > the jail(8).
> I wonder, if on these grounds, we should actually advise administrators that
> it is a more robust configuration, both in terms of managing free space and
> avoiding potential escape paths, to put each jail in its own file system.
> Lots of people do this anyway, and as recommendations go, it's not a bad one.
> We can then caution that if you *don't* do this, then you need to be careful
> about the mv issue.
That sounds like a perfectly sane idea.
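
An audit for the recommendation quoted above, that each jail sit in its own file system, follows as an added example; it is not part of the original message or of FreeBSD. The jail paths, the device table and the `dev_of` hook are assumptions constructed for illustration.

```python
import os
from collections import defaultdict

# Constructed sample: path -> device id, standing in for os.stat(path).st_dev.
SAMPLE_DEVS = {"/usr/jails": 2, "/usr/jails/www": 3,
               "/usr/jails/db": 2, "/usr/jails/mail": 2}
SAMPLE_JAILS = ["/usr/jails/www", "/usr/jails/db", "/usr/jails/mail"]


def audit_jail_roots(jail_roots, dev_of=None):
    """Return {jail_root: [findings]} for roots not on their own file system.

    dev_of (hypothetical hook for this example) maps a path to a device id
    and defaults to os.stat(path).st_dev.
    """
    if dev_of is None:
        dev_of = lambda p: os.stat(p).st_dev
    findings = defaultdict(list)
    by_dev = defaultdict(list)
    for root in jail_roots:
        root = os.path.abspath(root)
        dev = dev_of(root)
        by_dev[dev].append(root)
        parent = os.path.dirname(root) or "/"
        # Same device id as the parent: the jail root is an ordinary
        # directory of the parent's file system, not a mount of its own.
        if dev_of(parent) == dev:
            findings[root].append(
                "shares a file system with its parent directory " + parent)
    # Two jail roots with one device id share a file system with each other.
    for roots in by_dev.values():
        if len(roots) > 1:
            for root in roots:
                others = [o for o in roots if o != root]
                findings[root].append(
                    "shares a file system with other jail root(s): "
                    + ", ".join(others))
    return dict(findings)


if __name__ == "__main__":
    report = audit_jail_roots(SAMPLE_JAILS, dev_of=SAMPLE_DEVS.__getitem__)
    for root, notes in sorted(report.items()):
        for note in notes:
            print(f"{root}: {note}")
```

Called without `dev_of`, the function reads the real device ids of the listed paths on the host.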