xorquew...@googlemail.com wrote:
On 2009-11-30 15:43:01, Ivan Voras wrote:
xorquew...@googlemail.com wrote:
 76030 initial thread STRU  struct sockaddr { AF_LOCAL, /tmp/jack-11001/default/jack_0 }
 76030 initial thread NAMI  "/tmp/jack-11001/default/jack_0"
 76030 initial thread RET   connect -1 errno 61 Connection refused
I would expect to see this result from the jail since it's obviously a Bad Idea, but does it work from the same (host) machine without the jail in between (i.e. just the nullfs, no jails)?

Hm, yes, you're right. It does work without a jail involved.

What's the sane solution, then, when the only method of communication
is unix domain sockets?

It is a security problem. I think the long-term solution would be to add a sysctl analogous to security.jail.param.securelevel to handle this.

I don't think there is a workaround right now.

_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
