d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add a section to the jail chapter that explains why it is not

Browse Source 
recommended to allow root users in the jail to access the host system.

PR:		docs/156853
Submitted by:	crees
Patch by:	crees
Approved by:	re (kib) for BETA1
This commit is contained in:
Benedict Reuschling 2011-07-28 11:41:55 +00:00
parent b5cb9d4fa6
commit f49a230f9c
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
usr.sbin/jail/jail.8
View File

@ -34,7 +34,7 @@
.\" .\"
.\" $FreeBSD$ .\" $FreeBSD$
.\" .\"
.Dd July 23, 2011 .Dd July 28, 2011
.Dt JAIL 8 .Dt JAIL 8
.Os .Os
.Sh NAME .Sh NAME
@ -914,3 +914,8 @@ directory that is moved out of the jail's chroot, then the process may gain
access to the file space outside of the jail. access to the file space outside of the jail.
It is recommended that directories always be copied, rather than moved, out It is recommended that directories always be copied, rather than moved, out
of a jail. of a jail.
.Pp
It is also not recommended that users allowed root in the jail be allowed
access to the host system.
For example, a root user in a jail can create a setuid root utility that
could be run in the host system to achieve elevated privileges.