From f49a230f9c1cbc9d8a54a1edf86515fb4300fb04 Mon Sep 17 00:00:00 2001
From: Benedict Reuschling <bcr@FreeBSD.org>
Date: Thu, 28 Jul 2011 11:41:55 +0000
Subject: [PATCH] Add a section to the jail chapter that explains why it is not
 recommended to allow root users in the jail to access the host system.

PR:		docs/156853
Submitted by:	crees
Patch by:	crees
Approved by:	re (kib) for BETA1
---
 usr.sbin/jail/jail.8 | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8
index 8ed913a1eb02..41d0e46c2576 100644
--- a/usr.sbin/jail/jail.8
+++ b/usr.sbin/jail/jail.8
@@ -34,7 +34,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd July 23, 2011
+.Dd July 28, 2011
 .Dt JAIL 8
 .Os
 .Sh NAME
@@ -914,3 +914,8 @@ directory that is moved out of the jail's chroot, then the process may gain
 access to the file space outside of the jail.
 It is recommended that directories always be copied, rather than moved, out
 of a jail.
+.Pp
+It is also not recommended that users allowed root in the jail be allowed
+access to the host system.
+For example, a root user in a jail can create a setuid root utility that
+could be run in the host system to achieve elevated privileges.