Re: Processes started inside a jail are only visible outside the jail

Fri, 24 Feb 2006 10:38:29 -0800 

On 2/24/06, Ricardo A. Reis <[EMAIL PROTECTED]> wrote:
> Hi Vlad,
>
> See your sysctl.conf per this entries:
>
> sysctl -ad | grep bsd.see
> security.bsd.see_other_gids: Unprivileged processes may see
> subjects/objects with different real gid
> security.bsd.see_other_uids: Unprivileged processes may see
> subjects/objects with different real uid

    They were set to 0, indeed. But I ran "ps" in the jail as root. I
should be seeing that process. For all other processes it seems to
work as expected. Only lighttpd manifests this symptom.
    I had mac_seeotheruids active. When I deactivated it, the problem
went away. Strange ...



>
> Ricardo A. Reis
> UNIFESP
> Unix and Network Admin
>
> > 6.1-PRERELEASE
> >
> > Inside the jail:
> > [EMAIL PROTECTED] / # /usr/local/sbin/lighttpd -f 
> > /usr/local/etc/lighttpd.conf
> > [EMAIL PROTECTED] / #
> > [EMAIL PROTECTED] / # ps ax | grep light
> > 55816  p0  S+J    0:00.00 grep light
> > [EMAIL PROTECTED] / #
> >
> > Outside the jail:
> > [EMAIL PROTECTED] / # ps ax | grep light
> >  6263  ??  S      0:47.85 /usr/local/sbin/lighttpd -f
> > /usr/local/etc/lighttpd.conf
> > 81204  ??  SJ     0:00.01 /usr/local/sbin/lighttpd -f
> > /usr/local/etc/lighttpd.conf
> > 85151  pa  S+     0:00.00 grep light
> > [EMAIL PROTECTED] / #
> >
> >    There are two lighttpd instances - the host runs one as well. The
> > other one is the one started from within the jail.
> >    I don't know where to start investigating from.
> >
> > --
> > If it's there, and you can see it, it's real.
> > If it's not there, and you can see it, it's virtual.
> > If it's there, and you can't see it, it's transparent.
> > If it's not there, and you can't see it, you erased it.
> > _______________________________________________
> > freebsd-stable@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> > To unsubscribe, send any mail to "[EMAIL PROTECTED]"
> >
> >
>
>


--
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to