Vlad GALU
2006-Feb-23 12:27 UTC
Processes started inside a jail are only visible outside the jail
6.1-PRERELEASE

Inside the jail:
root@j1 / # /usr/local/sbin/lighttpd -f /usr/local/etc/lighttpd.conf
root@j1 / #
root@j1 / # ps ax | grep light
55816  p0  S+J    0:00.00 grep light
root@j1 / #

Outside the jail:
root@host / # ps ax | grep light
 6263  ??  S      0:47.85 /usr/local/sbin/lighttpd -f /usr/local/etc/lighttpd.conf
81204  ??  SJ     0:00.01 /usr/local/sbin/lighttpd -f /usr/local/etc/lighttpd.conf
85151  pa  S+     0:00.00 grep light
root@host / #

There are two lighttpd instances - the host runs one as well. The other one is the one started from within the jail.
I don't know where to start investigating from.

--
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.
Ricardo A. Reis
2006-Feb-24 07:52 UTC
Processes started inside a jail are only visible outside the jail
Hi Vlad,

See your sysctl.conf for these entries:

sysctl -ad | grep bsd.see
security.bsd.see_other_gids: Unprivileged processes may see subjects/objects with different real gid
security.bsd.see_other_uids: Unprivileged processes may see subjects/objects with different real uid

Ricardo A. Reis
UNIFESP
Unix and Network Admin

> 6.1-PRERELEASE
>
> Inside the jail:
> root@j1 / # /usr/local/sbin/lighttpd -f /usr/local/etc/lighttpd.conf
> root@j1 / #
> root@j1 / # ps ax | grep light
> 55816  p0  S+J    0:00.00 grep light
> root@j1 / #
>
> Outside the jail:
> root@host / # ps ax | grep light
>  6263  ??  S      0:47.85 /usr/local/sbin/lighttpd -f /usr/local/etc/lighttpd.conf
> 81204  ??  SJ     0:00.01 /usr/local/sbin/lighttpd -f /usr/local/etc/lighttpd.conf
> 85151  pa  S+     0:00.00 grep light
> root@host / #
>
> There are two lighttpd instances - the host runs one as well. The
> other one is the one started from within the jail.
> I don't know where to start investigating from.
>
> --
> If it's there, and you can see it, it's real.
> If it's not there, and you can see it, it's virtual.
> If it's there, and you can't see it, it's transparent.
> If it's not there, and you can't see it, you erased it.