https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285782
--- Comment #2 from Konstantin Belousov <k...@freebsd.org> --- I suspect this thing can be made into sort-of exploit if nested jails are enabled. There, you would replace the 'host' by upper jail, and the jail is created as subordinate of the upper jail. Then if a process in the sub- ordinate jail owns the file descriptor pointing to the directory that is moved out of the hierarchy of the sub-ord (and upper jail can do that), the process can escape into host namespace. -- You are receiving this mail because: You are the assignee for the bug.
