On Mon, Jan 14, 2002 at 09:42:26AM -0500, Robert Watson wrote:
If the NFS mount is visible in the jail's namespace, then the jailed
processes can access it subject to normal access control restrictions.
However, processes in jail are not permitted to mount, remount, or unmount
filesystems, so any access to NFS must be configured by a process outside
the jail (and preferably, before any untrusted processes run in the jail,
so as to prevent racing and path-based games). Typically, when using NFS
with a jail, I'll do the NFS mounting prior to actually starting the jail.
i assume that this is right way too.
Robert N M Watson FreeBSD Core Team, TrustedBSD Project
rob...@fledge.watson.org NAI Labs, Safeport Network Services
ps. and as all the time :) sorry for my ugly english :)
u l s t u c t c
To Unsubscribe: send mail to majo...@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message