Add a section to the jail chapter that explains why it is not

recommended to allow root users in the jail to access the host system. PR: docs/156853 Submitted by: crees Patch by: crees Approved by: re (kib) for BETA1
author: bcr <bcr@FreeBSD.org> 2011-07-28 11:41:55 +0000
committer: bcr <bcr@FreeBSD.org> 2011-07-28 11:41:55 +0000
commit: 62cb774cdbd45abdbc6a4233d409fa5fb4dde891 (patch)
tree: 174f798d148159ecfb8b1b6c8c4951dc7b8a9661 /usr.sbin/jail/jail.8
parent: ee93952251dbbb09e9931a1543cd34487adc0078 (diff)
download: FreeBSD-src-62cb774cdbd45abdbc6a4233d409fa5fb4dde891.zip
FreeBSD-src-62cb774cdbd45abdbc6a4233d409fa5fb4dde891.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8
index 8ed913a..41d0e46 100644
--- a/usr.sbin/jail/jail.8
+++ b/usr.sbin/jail/jail.8
@@ -34,7 +34,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd July 23, 2011
+.Dd July 28, 2011
 .Dt JAIL 8
 .Os
 .Sh NAME
@@ -914,3 +914,8 @@ directory that is moved out of the jail's chroot, then the process may gain
 access to the file space outside of the jail.
 It is recommended that directories always be copied, rather than moved, out
 of a jail.
+.Pp
+It is also not recommended that users allowed root in the jail be allowed
+access to the host system.
+For example, a root user in a jail can create a setuid root utility that
+could be run in the host system to achieve elevated privileges.
author	bcr <bcr@FreeBSD.org>	2011-07-28 11:41:55 +0000
committer	bcr <bcr@FreeBSD.org>	2011-07-28 11:41:55 +0000
commit	62cb774cdbd45abdbc6a4233d409fa5fb4dde891 (patch)
tree	174f798d148159ecfb8b1b6c8c4951dc7b8a9661 /usr.sbin/jail/jail.8
parent	ee93952251dbbb09e9931a1543cd34487adc0078 (diff)
download	FreeBSD-src-62cb774cdbd45abdbc6a4233d409fa5fb4dde891.zip FreeBSD-src-62cb774cdbd45abdbc6a4233d409fa5fb4dde891.tar.gz