Displaying 20 results from an estimated 4000 matches similar to: "FreeBSD Security Advisory FreeBSD-SA-07:01.jail"
2006 Dec 19
3
/etc/rc.d/jail: losing IPs if jail_x_interface set and syntax error in jails /etc/rc?
Hi *,
I recently triggered an error when setting up a jail-host: I configured
the jail(s) like evry jail I set up in the past:
On the jail-hosts /etc/rc.conf:
# ---- Jail-Globals ----
jail_enable="YES" # Set to NO to disable starting of any jails
jail_list="ftp mx1 relay" # Space separated list of names of jails
2003 Jul 12
5
jails, ipfilter & stunnel
I'm setting up a server where I plan to use Jails to improve security
I also have installed and am configuring ipfilter. Here are my
questions:
Because I'm using Jails, I will have to have multiple ip aliases on the
network interface. I will use ipfilter to specify what can go to each
of the addresses. (e.g., allow only incoming to port 80 on the jail
running apache).
Another
2008 Mar 28
3
Mounting devfs over to ZFS from fstab fails
Hello,
I have some jails running on ZFS, so I have to mount devfs's into them.
For this purpose, I have some similar lines in /etc/fstab:
devfs /pool/jail/ldap/dev devfs rw 0 0
Where /pool is a ZFS filesystem.
This has worked until today -when I upgraded from a previous 7-STABLE
(FreeBSD 7.0-STABLE #16: Fri Mar 7 14:30:08 CET 2008) to today's
STABLE- but not
2003 Apr 01
1
Jails and multihoming
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
All,
are there any plans to allow FreeBSD jails to bind to more than one IP
address?
My scenario (virtual hosting) :
3 front-end hosts with 2 interfaces each, one on the public network, the
other on a private subnet.
1 back-end host, providing NFS mounts for the front-ends.
This scenarion is not uncommon in ISP environments, usually with a big
2005 May 24
1
Jail support for mac_portacl(4).
Hi.
When we don't have too many IP addresses available and we want to run
for example www server inside a jail, but use the same IP address as
the main system, we need to actually use an internal IP address and
forward http port with firewall from external IP to jail's IP.
In that way we know that if somebody breaks into out jail, he cannot
run sshd server (we have keys, I know) or any
2012 Nov 14
1
9.1-PRERELEASE jail_sysvipc_allow
I've instaled FreeBSD 9 for hosts some jails and setting
jail_sysvipc_allow="YES" in host rc.conf, why is
security.jail.sysvipc_allowed false in jail?
--
BSDCG: BSDA - Digium: dCAP
Electrical/Eletronic Engineer
http://www.nlink.com.br
+55 81 2121-6666
Cel:81 9727-6666
2004 Apr 20
1
[patch] Raw sockets in jails
Although RAW sockets can be used when specifying the source
address of packets (defeating one of the aspects of the jail)
some people may find it usefull to use utilities like ping(8)
or traceroute(8) from inside jails.
Enclosed is a patch I have written which gives you the option
of allowing prison-root to create raw sockets inside the prison,
so
2007 Mar 14
1
Check PRIV_VFS_MOUNT when jailed.
Hi.
I'd like to commit this patch:
http://people.freebsd.org/~pjd/patches/vfs_mount.c.9.patch
It currently should change nothing, but will be needed once we allow to
grant privileges for jails. I'd like to commit it now, so I can
experiment easier with my ZFS improvements.
--
Pawel Jakub Dawidek http://www.wheel.pl
pjd@FreeBSD.org
2005 Aug 18
4
Closing information leaks in jails?
Hello,
I'm wondering about closing some information leaks in FreeBSD jails from
the "outside world".
Not that critical (depends on the application), but a simple user, with
restricted devfs in the jail (devfsrules_jail for example from
/etc/defaults/devfs.rules) can figure out the following:
- network interfaces related data, via ifconfig, which contains
everything, but the
2003 Aug 15
0
[PATCH] jail NG schript patch for mounting devfs and procfsautomatically
On 14.08.2003 15:36, Scot W. Hetzel wrote:
> I just noticed a problem with periodic scripts inside a jail. I'm getting:
>
> Local system status:
> tee: /dev/stderr: Operation not supported
>
> Mail in local queue:
> tee: /dev/stderr: Operation not supported
>
> Mail in submit queue:
> tee: /dev/stderr: Operation not supported
>
> in the periodic daily,
2007 Jan 11
0
FreeBSD Security Advisory FreeBSD-SA-07:01.jail
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-07:01.jail Security Advisory
The FreeBSD Project
Topic: Jail rc.d script privilege escalation
Category: core
Module: etc_rc.d
Announced:
2009 Jan 08
2
Problems with network in jail
Hi all,
Is it mandatory to add device mem to jails to enable network via the gateway?
Left ezjail with FreeBSD-6.3 (and a hardware replacement of my server)
and am now starting again with FreeBSD-7.1.
Early this week, I upgraded from 7.0 to 7.1 (not having 'used' jails
on 7.0). After creating the jail with
`ezjail-admin update -i`
I created a 'ports build' jail
`ezjail-admin
2006 Apr 13
1
Prototyping for basejail distribuition
Hi,
I attach 2 files in this email, the first is a Makefile and the second is
jail.conf.
For demonstre my idea i resolved create one "Pseudo Prototyping", for test
is necessary:
1 - Create dir /usr/local/basejail
2 - Copy Makefile to /usr/local/basejail
3 - Copy jail.conf to /etc
4 - The initial basejail is precompiled is distributed in CD1,
for simular basejail is necessary a
2007 Aug 01
0
FreeBSD Security Advisory FreeBSD-SA-07:01.jail [REVISED]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-07:01.jail Security Advisory
The FreeBSD Project
Topic: Jail rc.d script privilege escalation
Category: core
Module: etc_rc.d
Announced:
2007 Aug 01
0
FreeBSD Security Advisory FreeBSD-SA-07:01.jail [REVISED]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-07:01.jail Security Advisory
The FreeBSD Project
Topic: Jail rc.d script privilege escalation
Category: core
Module: etc_rc.d
Announced:
2003 Sep 10
2
jail + postgresql + System V IPC
HI everyone,
I have resently installed a jail environment on my freebsd box, and had some
problems getting postgresql running under it.
After looking a bit on various mailinglists i figured out that I needed to
set jail.sysvipc_allowed to be 1 using sysctl in order to make postgresql
run.
However man jail gives me:
jail.sysvipc_allowed
This MIB entry determines whether or not
2003 Jul 10
2
jail performance questions
I'm thinking of using jails to improve security on a server
I am setting up. Specifically, I would like to put Apache/PHP
in a jail, but I might like to set up 2-3 different jails for
different purposes.
I've found several examples showing how to set the jails up.
My questions involve system requirements. Assuming plenty of
disk space, 1GB ram and a dual processor PIII 1.13Ghz
2006 Mar 07
3
Jails and loopback interfaces
Hi,
Running: Freebsd 6.0
I am wondering if it is possible to have acces to loopback ip in a jail. I
currently have a server running a jail. In the jail, there is a database and a
web server. I would like to be able to have the database only bind on a
loopback address and not on the jail's ip.
Can this be done and how?
Thanks
-Cyril
2003 Dec 19
6
Configuring JAIL to bind on lo0 interface
Hello,
I have configured jail for users with sshd ftpd and auth. I started this
jail on IP 127.0.0.10(there is an alias on lo0 interface), there was
not any bigger problem to start it. But i have a problem with internet in
this jail. I can log in to this jail through ssh or ftpd but i can't
connect to the internet. I try to set up some kind of nat but it doesn't
work.
Can anybody help me
2020 Jul 30
2
NTP and FreeBSD jails
FreeBSD-12.1p7
Samab-4.10.15 running in FreeBSD Jail
I just wish to ensure that my conclusion respecting Samba, FreeBSD Jails, and
NTP is correct.
1. Unless configured otherwise Windows domain clients will query and obtain
their time from the samba_server DC.
2. Samba_server obtains its time from the OS, in this case a FreeBSD Jail.
3. FreeBSD Jails get their time from their host.
4. If