Hey Community,
I want to try something but need some advice before I start.
If I open a pppoe connection on a machine which has some jails instantiated,
could these (maybe compromised) jails do something nasty with that tun device?
In my understanding the kernel creates the pppoe device which is shared by all jails on the host.
Even if I create the pppoe interface inside a jail, it wouldn't make any difference, am I right?
Could this lead to more trouble than security?
And what about firewalling inside a jail?
Any suggestions or Ideas? Im thankful for any shared knowledge.
I want to try something but need some advice before I start.
If I open a pppoe connection on a machine which has some jails instantiated,
could these (maybe compromised) jails do something nasty with that tun device?
In my understanding the kernel creates the pppoe device which is shared by all jails on the host.
Even if I create the pppoe interface inside a jail, it wouldn't make any difference, am I right?
Could this lead to more trouble than security?
And what about firewalling inside a jail?
Any suggestions or Ideas? Im thankful for any shared knowledge.