I notice that users on the jail's host system that have the same IDs as users inside jails can kill jail user processes.
For example, let's say I'm logged in as user mrX, which has uid=1001 on the host system, and I have a jail X with user mrY uid=1001. In this case my mrX user can kill any process that mrY started.
I have set security.bsd.see_other_uids=0, which doesn't make any difference: mrX can see/kill all processes started by uid=1001, no matter if they belong to a jail or not.
Is this the intended behavior, and if so, is there a way to prevent this?