Revert r221655:
Various people voiced their concerns about these changes. Until this is resolved, we should use the old version.
parent b838671bb4
commit 4ef09d2b79
@ -34,7 +34,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd May 8, 2011
.Dd January 17, 2010
.Dt JAIL 8
.Os
.Sh NAME
@ -431,7 +431,7 @@ command script can be used:
.Bd -literal
D=/here/is/the/jail
cd /usr/src
mkdir -p -m 0700 $D
mkdir -p $D
make world DESTDIR=$D
make distribution DESTDIR=$D
mount -t devfs devfs $D/dev
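Review bot: The two `mkdir` lines in this hunk differ only in `-m 0700`, and with the revert leaving the plain `mkdir -p $D` form the example creates the jail root with whatever mode the caller's umask yields. Administrators copy this script verbatim, so if dropping the restrictive mode is intended, say in the commit message what the objection to `-m 0700` was; "various people voiced their concerns" does not tell a later reader whether the mode itself or something else was disputed.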
@ -448,10 +448,6 @@ in the per-jail devfs.
A simple devfs ruleset for jails is available as ruleset #4 in
.Pa /etc/defaults/devfs.rules .
.Pp
Non-superusers in the host system should not be able to access the
jail's files; otherwise an attacker with root access to the jail
could obtain elevated privileges on the host.
.Pp
In many cases this example would put far more in the jail than needed.
In the other extreme case a jail might contain only one file:
the executable to be run in the jail.
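Review bot: The paragraph beginning "Non-superusers in the host system should not be able to access the jail's files" goes away in this hunk (10 lines down to 6) with nothing put in its place, so the page loses its only statement of the host-side permission concern. If the objection was to the `-m 0700` example rather than to the warning itself, consider keeping the `.Pp` paragraph and reverting only the script line, or record in the commit message which part is under dispute so the follow-up change can restore the right text.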