David Malone wrote:
On Sun, May 28, 2006 at 03:46:06PM +0200, Anatoli Klassen wrote:
if security.bsd.see_other_uids is set to 0, users from the main system
can still see processes from jails if they have (by accident) the save uid.
For me it's wrong behavior because the main system and the jail are two
different systems where uids are independent.
You could try the following (untested) patch to the MAC seeotheruid
module. You'd need to compile a kernel with the MAC option and then:
Thanks for the patch, maybe I'll need something like that for my
environment.
But my question is if it's really intended that jail is not real virtual
system but just a way to limit interaction from jail to host and not
vice versa.
If it's the case than this has to be specified in jail(8).
Regards,
Anatoli
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
