7 messages in org.freebsd.freebsd-securityRe: jail and NFS| From | Sent On | Attachments |
|---|---|---|
| zhuravlev alexander | Jan 14, 2002 5:04 am | |
| Steve Shorter | Jan 14, 2002 6:13 am | |
| Robert Watson | Jan 14, 2002 6:42 am | |
| zhuravlev alexander | Jan 14, 2002 9:30 am | |
| zhuravlev alexander | Jan 14, 2002 9:37 am | |
| Ryan C. Creasey | Jan 14, 2002 10:59 am | |
| Robert Watson | Jan 14, 2002 8:03 pm |
| Subject: | Re: jail and NFS | |
|---|---|---|
| From: | zhuravlev alexander (za...@ulstu.ru) | |
| Date: | Jan 14, 2002 9:37:14 am | |
| List: | org.freebsd.freebsd-security | |
On Mon, Jan 14, 2002 at 08:30:32PM +0300, zhuravlev alexander wrote:
On Mon, Jan 14, 2002 at 09:42:26AM -0500, Robert Watson wrote:
If the NFS mount is visible in the jail's namespace, then the jailed processes can access it subject to normal access control restrictions. However, processes in jail are not permitted to mount, remount, or unmount filesystems, so any access to NFS must be configured by a process outside the jail (and preferably, before any untrusted processes run in the jail, so as to prevent racing and path-based games). Typically, when using NFS with a jail, I'll do the NFS mounting prior to actually starting the jail.
by the way ... when it type in jailed box
mount
i saw all filesystems and shares mounted by host system is this correct ?
-- zhuravlev alexander u l s t u c t c e-mail:za...@ulstu.ru
To Unsubscribe: send mail to majo...@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message