On 2/24/06, Vlad GALU <[EMAIL PROTECTED]> wrote:
> On 2/24/06, Ricardo A. Reis <[EMAIL PROTECTED]> wrote:
> > Hi Vlad,
> >
> > See your sysctl.conf for these entries:
> >
> > sysctl -ad | grep bsd.see
> > security.bsd.see_other_gids: Unprivileged processes may see
> > subjects/objects with different real gid
> > security.bsd.see_other_uids: Unprivileged processes may see
> > subjects/objects with different real uid
>
>     They were set to 0, indeed. But I ran "ps" in the jail as root. I
> should be seeing that process. For all other processes it seems to
> work as expected. Only lighttpd manifests this symptom.
>     I had mac_seeotheruids active. When I deactivated it, the problem
> went away. Strange ...

    I changed my settings as follows:

-- cut here --
security.mac.seeotheruids.specificgid: 0
security.mac.seeotheruids.specificgid_enabled: 1
security.mac.seeotheruids.primarygroup_enabled: 0
security.mac.seeotheruids.enabled: 1
-- and here --

    Now root can see all processes, even within the jail.
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
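
The effect of the settings in the message above, as an added example that is not part of the original thread or of FreeBSD's code: a simplified shell model of the mac_seeotheruids exemptions, run against the posted values and a constructed "before" state. Assumptions: the uid/gid 80 target and the other credentials are constructed, membership in specificgid counts through either the primary or a supplementary group, and the separate superuser exemption is not modelled, matching the thread's observation that root inside the jail was not exempted.

```sh
#!/bin/sh
# Added example: simplified model of the mac_seeotheruids exemptions (no superuser case).

# The settings from the message, in sysctl output form.
AFTER='security.mac.seeotheruids.specificgid: 0
security.mac.seeotheruids.specificgid_enabled: 1
security.mac.seeotheruids.primarygroup_enabled: 0
security.mac.seeotheruids.enabled: 1'

# Constructed "before" state: policy on, no group exemption (assumed values).
BEFORE='security.mac.seeotheruids.specificgid_enabled: 0
security.mac.seeotheruids.primarygroup_enabled: 0
security.mac.seeotheruids.enabled: 1'

# knob SETTINGS NAME: print security.mac.seeotheruids.NAME, or 0 if absent.
knob() {
    printf '%s\n' "$1" | awk -F': *' -v k="security.mac.seeotheruids.$2" \
        '$1 == k { v = $2 } END { print (v == "" ? 0 : v) }'
}

# can_see SETTINGS S_RUID S_RGID "S_GROUPS" O_RUID O_RGID
# Exit status 0 if the subject may see the object, 1 if it is hidden.
can_see() {
    cfg=$1 s_uid=$2 s_gid=$3 s_groups=$4 o_uid=$5 o_gid=$6
    # Policy disabled: nothing is hidden by this module.
    [ "$(knob "$cfg" enabled)" = 1 ] || return 0
    # Same real uid is always visible.
    if [ "$s_uid" = "$o_uid" ]; then return 0; fi
    # primarygroup_enabled: exempt when both share the same real gid.
    if [ "$(knob "$cfg" primarygroup_enabled)" = 1 ] && [ "$s_gid" = "$o_gid" ]; then
        return 0
    fi
    # specificgid_enabled: exempt when the subject is in the named group
    # (assumption: primary or supplementary membership both count).
    if [ "$(knob "$cfg" specificgid_enabled)" = 1 ]; then
        exempt=$(knob "$cfg" specificgid)
        for g in $s_gid $s_groups; do
            if [ "$g" = "$exempt" ]; then return 0; fi
        done
    fi
    return 1
}

# Constructed credentials: root (uid 0, gid 0) looking at a uid/gid 80 process.
for state in BEFORE AFTER; do
    eval "cfg_text=\$$state"
    if can_see "$cfg_text" 0 0 "" 80 80; then r=visible; else r=hidden; fi
    echo "$state: root sees uid 80 process: $r"
done
```

With specificgid set to 0 the exemption covers every account in gid 0, not only root, so membership of that group is worth reviewing on hosts that rely on this policy to separate users.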
