hiding jail processes from users

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

hiding jail processes from users

Steve Wills-2
Hi,

I noticed that users can see jail processes even when
security.bsd.see_other_uids=0 and security.bsd.see_other_gids=0 are set,
if the process happens to be the same UID/GID as the user. So I created
a patch which adds a security.bsd.see_jail_proc sysctl which hides jail
processes from non-root users regardless of see_other_*. The patch is here:

https://reviews.freebsd.org/D10770

Any feedback would be appreciated.

Thanks,
Steve



signature.asc (651 bytes) Download Attachment