Displaying 20 results from an estimated 768 matches for "jails".
2013 Feb 12
2
problem stoping jails with jail(8), jail.conf and mount.fstab
Hello, on 9.1-R, I highly appreciate the new jail(8) and jail.conf capabilities. Thanks for that extension! But I have one problem: If I want to stop a jail with 'jail -r jailname', I get "umount: unmount of /.jail.jailname failed: Device busy" It seems to me that the order of fstab.jailname entries are not reverted by jail(8) when shutting down/umounting. My C skills
2006 Dec 19
3
/etc/rc.d/jail: losing IPs if jail_x_interface set and syntax error in jails /etc/rc?
Hi *, I recently triggered an error when setting up a jail-host: I configured the jail(s) like every jail I set up in the past: On the jail-hosts /etc/rc.conf: # ---- Jail-Globals ---- jail_enable="YES" # Set to NO to disable starting of any jails jail_list="ftp mx1 relay" # Space separated list of names of jails jail_set_hostname_allow="NO" # Allow root user in a jail to change its hostname jail_socket_unixiproute_only="YES" # Route only TCP/IP within a jail jail_sysvipc_allow="...
2006 Mar 07
3
Jails and loopback interfaces
Hi, Running: FreeBSD 6.0 I am wondering if it is possible to have access to loopback ip in a jail. I currently have a server running a jail. In the jail, there is a database and a web server. I would like to be able to have the database only bind on a loopback address and not on the jail's ip. Can this be done and how? Thanks -Cyril
2003 Jul 10
2
jail performance questions
I'm thinking of using jails to improve security on a server I am setting up. Specifically, I would like to put Apache/PHP in a jail, but I might like to set up 2-3 different jails for different purposes. I've found several examples showing how to set the jails up. My questions involve system requirements. Assuming...
2006 May 04
3
Jails and loopback interfaces
> I recently did something like this. I have a webserver in a jail that > needs to talk to a database, and the webserver is the only thing that > should talk to the database. > My solution was to use 2 jails: one for the webserver, and another for the > database. > Jail 1: > * runs webserver > * binds to real interface with real, routable IP > Jail 2: > * runs database server > * binds to loopback interface, isn't directly reachable > from outside the box just t...
2011 May 06
6
Rooting FreeBSD , Privilege Escalation using Jails (Pétur)
I read this (http://www.petur.eu/blog/?p=459) blog post today. It's about that a remote user with root privileges to a FreeBSD jail & user privileges to the jail's host machine can obtain root privileges on the host machine. Can someone confirm if this bug/exploit works?
2007 Jan 11
0
FreeBSD Security Advisory FreeBSD-SA-07:01.jail
...e an environment with a very limited ability to affect the system outside that environment, even for processes with superuser privileges. It is an extension of, but far more powerful than, the traditional UNIX chroot(2) system call. The host's jail rc.d(8) script can be used to start and stop jails automatically on system boot/shutdown. II. Problem Description In multiple situations the host's jail rc.d(8) script does not check if a path inside the jail file system structure is a symbolic link before using the path. In particular this is the case when writing the output from the jail...
2007 Aug 01
0
FreeBSD Security Advisory FreeBSD-SA-07:01.jail [REVISED]
...e an environment with a very limited ability to affect the system outside that environment, even for processes with superuser privileges. It is an extension of, but far more powerful than, the traditional UNIX chroot(2) system call. The host's jail rc.d(8) script can be used to start and stop jails automatically on system boot/shutdown. II. Problem Description In multiple situations the host's jail rc.d(8) script does not check if a path inside the jail file system structure is a symbolic link before using the path. In particular this is the case when writing the output from the jail...
2007 Aug 01
0
FreeBSD Security Advisory FreeBSD-SA-07:01.jail [REVISED]
...e an environment with a very limited ability to affect the system outside that environment, even for processes with superuser privileges. It is an extension of, but far more powerful than, the traditional UNIX chroot(2) system call. The host's jail rc.d(8) script can be used to start and stop jails automatically on system boot/shutdown. II. Problem Description In multiple situations the host's jail rc.d(8) script does not check if a path inside the jail file system structure is a symbolic link before using the path. In particular this is the case when writing the output from the jail...
2003 Jul 12
5
jails, ipfilter & stunnel
I'm setting up a server where I plan to use Jails to improve security. I also have installed and am configuring ipfilter. Here are my questions: Because I'm using Jails, I will have to have multiple ip aliases on the network interface. I will use ipfilter to specify what can go to each of the addresses. (e.g., allow only incoming to port...
2007 Jan 11
2
FreeBSD Security Advisory FreeBSD-SA-07:01.jail
...e an environment with a very limited ability to affect the system outside that environment, even for processes with superuser privileges. It is an extension of, but far more powerful than, the traditional UNIX chroot(2) system call. The host's jail rc.d(8) script can be used to start and stop jails automatically on system boot/shutdown. II. Problem Description In multiple situations the host's jail rc.d(8) script does not check if a path inside the jail file system structure is a symbolic link before using the path. In particular this is the case when writing the output from the jail...
2003 Sep 10
2
jail + postgresql + System V IPC
...rent jail implementation, System V primitives share a single namespace across the host and jail environments, meaning that processes within a jail would be able to communicate with (and potentially interfere with) processes outside of the jail, and in other jails. As such, this functionality is disabled by default, but can be enabled by setting this MIB entry to 1. Reading this it sounds like setting jail.sysvipc_allowed=1 is a bad idea? So I guess my question is, whether it is a big security risk to run postgresql in a jail? And what...
2013 Feb 15
1
mount lag, umounting returns wrong "Device busy"
Hello, while playing with new jail features, I recognized that manually umounting doesn't work as I'd expect. After jail has been destroyed, the following mountpoint is active: /dev/gpt/jailname1ROOT on /.jail.jailname1 (ufs, local, read-only) There was var mounted to /.jail.jailname1/var but that successfully umounted. 'fstat' also shows no open files in /.jail.jailname1 But
2003 May 21
1
netstat/ipcs inside jail
...0 0 jail.syslog *.* udp4 0 0 jail.ntp *.* udp4 0 0 jail.domain *.* netstat: short read netstat: short read netstat: short read .....(goes on for miles and miles if i dont ^C) just in case : kmem and the kernel are linked to the jails dev/null cube# ll /usr/home/jail/10.0.2.6/dev/kmem lrwx------ 1 root wheel 4 May 21 17:05 /usr/home/jail/10.0.2.6/dev/kmem -> null cube# ll /usr/home/jail/10.0.2.6/kernel lrwxr-xr-x 1 root wheel 8 May 17 17:08 /usr/home/jail/10.0.2.6/kernel -> dev/null ----- Thanks in advance for...
2003 Aug 05
6
Problems with JAIL in 4.8R
Hi, I've set the outside ip for the jail..It works.. When I try to ssh to jail'ed system from the main system (in which is created jail) the connection is successful, but when I try to connect to jailed system from anywhere else I get this message: ssh: connect to host IP_NUMBER port 22: Operation timed out What can be wrong here? How to solve this problem?
2006 Apr 13
1
Prototyping for basejail distribuition
..."ruleset_name" flags="-l -U root" # # JAIL RC.CONF # sendmail_enable="NO" inetd_flags="-wW -a" rpcbind_enable="NO" network_interfaces="" # # FILES # copy_to_jail="/etc/localtime /etc/resolv.conf /etc/csh.cshrc /etc/csh.login" # # JAILS # jail_node01_rootdir="/usr/jail/node01" jail_node01_hostname="node01.example.com" jail_node01_ip="127.0.0.1 " jail_node02_rootdir="/usr/jail/node02" jail_node02_hostname="node02.example.com" jail_node02_ip="127.0.0.2 " ------- In this mo...
2019 Nov 13
2
"samba-tool backup offline" stuck
..., marked with a *) and gdb that to work out what > is the matter with it, and perhaps why it is in that situation. Hmm... I have no lslocks on FreeBSD; will lsof do? In case, here's an excerpt: > samba 72462 root txt VREG 4,1302659313 430080 32007 /usr/jails/dc/var/db/samba4/private/secrets.tdb > samba 72462 root 46u VREG 4,1302659313 430080 32007 /usr/jails/dc/var/db/samba4/private/secrets.tdb > smbd 72466 root txt VREG 4,1302659313 430080 32007 /usr/jails/dc/var/db/samba4/priv...
2004 Sep 07
6
shorewall in chroot jail
Hello, I would like to run other services like messaging services on my firewall machine too. Does it make sense to run shorewall, openvpn and the pppoe package in a chroot jail? And is it possible to run these programs as an other user? Ciao Hugo
2009 Jan 08
2
Problems with network in jail
Hi all, Is it mandatory to add device mem to jails to enable network via the gateway? Left ezjail with FreeBSD-6.3 (and a hardware replacement of my server) and am now starting again with FreeBSD-7.1. Early this week, I upgraded from 7.0 to 7.1 (not having 'used' jails on 7.0). After creating the jail with `ezjail-admin update -i` I cre...
2005 Jul 14
2
[ronvdaal@zarathustra.linux666.com: Possible security issue with FreeBSD 5.4 jailing and BPF]
This message was sent to bugtraq today: While playing around with FreeBSD 5.4 and jailing I discovered that it was possible to put an ethernet interface into promiscuous mode from within the jailed environment, allowing a packet sniffer to gather data not meant for the jailed box. This also affects FreeBSD 5.3 (tested) but not FreeBSD 4.x This can be reproduced on boxes where BPF support is