hiding jail processes from users

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

hiding jail processes from users

Steve Wills-2

I noticed that users can see jail processes even when
security.bsd.see_other_uids=0 and security.bsd.see_other_gids=0 are set,
if the process happens to be the same UID/GID as the user. So I created
a patch which adds a security.bsd.see_jail_proc sysctl which hides jail
processes from non-root users regardless of see_other_*. The patch is here:


Any feedback would be appreciated.


signature.asc (651 bytes) Download Attachment