[Bug 229968] jail can see other interfaces in linprocfs

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[Bug 229968] jail can see other interfaces in linprocfs

bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229968

--- Comment #6 from Bjoern A. Zeeb <[hidden email]> ---
(In reply to Jamie Gritton from comment #3)

There is a point that we should zero the statistics for non-IPs for queries
from jails to not leak that information (as so many other things) and then only
for the jail-IPs keep them.

Two jails sharing an IP address might still be able to derive that there is
another one, etc.;  on the other hand, jails were never meant to be that
perfect.


For a moment I thought we might even go the long way and if there is no IP for
the jail on an interface, ditch the entire interface but the logic to hide a
little detail grows quickly.

The linprocfs should however never expose more than the native tools and for as
long as that's true, I am ok with whatever linprocfs exports.

--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[hidden email]"