> Dumb question: the jail command can refuse to run unless the
> parent of a jail root is 0700. Would that work? No kernel hack
> required.

Haha, all talking about kernel hacks and so on, and yet, to me, that seems the simplest, but ALSO, the most elegant solution. I'd have some override flag that could be set for those whose jails are directly under an important folder, e.g. /usr/my-jail-name/ so that those unable to change straight away can set an rc/sysctl flag rather than have to hack the code.

Is this turning into a bikeshed discussion?

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"