Search results

  1. How to prevent multiple jails to share the same memory objects?

    Hi Robroy, Thanks for the reference. The issue I describe is actually even worse than the SysV IPC issue described in this video. SysV IPC are disabled by default in Jail, and I think you can enable them on a jail-per-jail basis. What Bryan Cantrill denounces is that there is an implicit mutual...
  2. jails for personal purpose only or development of jail die?

    If you want to provide environments feeling like full systems where users can have full privileges and be able to restart the machine at will, then indeed jails may not be the most appropriate solution, hardware virtualization may be more appropriate. I'm a heavy user of jails, the main real...
  3. How to prevent multiple jails to share the same memory objects?

    The only way I've found yet to detect SHM objects is to look for open file descriptors using a command such as: fstat | awk '{print $5}' | sort -u It appears that while the jails have access to all SHM objects, they can only list their own ones (through this method at least, maybe there are...
  4. How to prevent multiple jails to share the same memory objects?

    I'm quite worried by the idea that on one side anyone with enough privileges within a jail can tamper with all SHM objects system-wide and that there is no way to estimate the potential impact of this weakness since there is no way to actually list the SHM currently used on the system (I just know...
  5. How to prevent multiple jails to share the same memory objects?

    Subsidiary question: is there a way to list currently created shared memory objects? (and no, ipcs -a does not list them)
  6. How to prevent multiple jails to share the same memory objects?

    OK, so it seems there is no way to prevent a jail from accessing / altering shared memory objects from other jails... no good, no good at all :( ...
  7. How to prevent multiple jails to share the same memory objects?

    I'm not sure how to interpret your answer, did you mean "You can't access other jails' shared memory objects when sysvipc_allowed is set to 0", as I was initially expecting, or did you mean "You can't prevent this", as answer to my question (which I would feel as quite a limitation affecting...
  8. How to prevent multiple jails to share the same memory objects?

    The initial issue I encountered was on a system where I tried to install a second Squid proxy in a new jail. It appeared that this second Squid proxy would not be able to start until its user was given the same UID as the first Squid in the other jail, otherwise it would systematically fail with...
  9. How to prevent multiple jails to share the same memory objects?

    Hello all, I've been quite surprised to see that by default (I'm using FreeBSD 10.1) all jails share their memory objects created through shm_open()(2) (even when the security.jail.sysvipc_allowed sysctl value is set to 0). How do you prevent this so a jail cannot access the shared memory...
  10. ezjail and passwordless root account by default

    Hello, Thanks for these explanations. I'm a bit surprised how ezjail website and each How-To I read on it always repeat about the resolv.conf file, the timezone, etc., but I never saw anything on the empty root password (most probably because, unlike the previously mentioned points having no root...
  11. ezjail and passwordless root account by default

    Hello, I guess I missed something very evident, however I just do not understand why, when I create a jail using ezjail, it is by default created with a passwordless root account (vipw = "root::")? By my logic, since this account will usually be accessed from an ezjail console command, I would...
  12. nginx + php-fpm + phpmyadmin

    Hello, I come here and see this post has become a bit old now but still has no answer; do you still encounter the issue? I think your issue should come from the following directive: alias /usr/local/www/phpMyAdmin; alias is not root, if I'm not wrong alias could only serve as a...
  13. ssh remote access to server

    Hello, You said "I have the host.domainName as a URL Redirect to the IP address": actually, to be able to ssh to your domain name, you must have it to be directly associated to your IP address. No URL redirect: if you do a nslookup host.domainName, it should show you your own IP address for ssh...
  14. Change MySQL (mariadb) daemon user

    Hello, Sorry if my question may sound silly or has already been dealt with elsewhere, but I'm brand new on this forum and did not find any answer despite a few searches... The question, however, is quite simple: I just installed MariaDB server (I think the problem would be similar with...