Add a section to the jail chapter that explains why it is not
recommended to allow root users in the jail to access the host system. PR: docs/156853 Submitted by: crees Patch by: crees Approved by: re (kib) for BETA1
This commit is contained in:
Benedict Reuschling
parent
b5cb9d4fa6
commit
f49a230f9c
@ -34,7 +34,7 @@
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd July 23, 2011
|
||||
.Dd July 28, 2011
|
||||
.Dt JAIL 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -914,3 +914,8 @@ directory that is moved out of the jail's chroot, then the process may gain
|
||||
access to the file space outside of the jail.
|
||||
It is recommended that directories always be copied, rather than moved, out
|
||||
of a jail.
|
||||
.Pp
|
||||
It is also not recommended that users allowed root in the jail be allowed
|
||||
access to the host system.
|
||||
For example, a root user in a jail can create a setuid root utility that
|
||||
could be run in the host system to achieve elevated privileges.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user