Revert 1.23:
Various people voiced their concerns about these changes. Until this is resolved, we should use the old version.
This commit is contained in:
Benedict Reuschling
parent
a79c1cdd91
commit
567ff5ea36
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=37233
1 changed files with 3 additions and 13 deletions
|
|
@ -240,7 +240,7 @@
|
|||
the procedure for building a jail:</para>
|
||||
|
||||
<screen>&prompt.root; <userinput>setenv D <replaceable>/here/is/the/jail</replaceable></userinput>
|
||||
&prompt.root; <userinput>mkdir -p -m 0700 $D</userinput> <co id="jailpath"> <co id="chmod">
|
||||
&prompt.root; <userinput>mkdir -p $D</userinput> <co id="jailpath">
|
||||
&prompt.root; <userinput>cd /usr/src</userinput>
|
||||
&prompt.root; <userinput>make buildworld</userinput> <co id="jailbuildworld">
|
||||
&prompt.root; <userinput>make installworld DESTDIR=$D</userinput> <co id="jailinstallworld">
|
||||
|
|
@ -261,16 +261,6 @@
|
|||
of the &os; base system.</para>
|
||||
</callout>
|
||||
|
||||
<callout arearefs="chmod">
|
||||
<para>It is important to restrict access to the jail from the host
|
||||
system to ensure that i.e. setuid files created in the jail
|
||||
are not usable in the host system; otherwise an attacker with root
|
||||
access to the jail could create a setuid program in the jail and
|
||||
execute it in the host. For similar reasons it is a bad idea to
|
||||
share read/write <application>nullfs</application> mounts between
|
||||
jails, although <application>NFS</application> is fine.</para>
|
||||
</callout>
|
||||
|
||||
<callout arearefs="jailbuildworld">
|
||||
<para>If you have already rebuilt your userland using
|
||||
<command>make world</command> or <command>make buildworld</command>,
|
||||
|
|
@ -677,7 +667,7 @@ jail_<replaceable>www</replaceable>_devfs_ruleset="<replaceable>www_ruleset</rep
|
|||
install the read-only file system to the jail
|
||||
template:</para>
|
||||
|
||||
<screen>&prompt.root; <userinput>mkdir -m 0700 /home/j && mkdir /home/j/mroot</userinput>
|
||||
<screen>&prompt.root; <userinput>mkdir /home/j /home/j/mroot</userinput>
|
||||
&prompt.root; <userinput>cd /usr/src</userinput>
|
||||
&prompt.root; <userinput>make installworld DESTDIR=/home/j/mroot</userinput></screen>
|
||||
</step>
|
||||
|
|
@ -841,7 +831,7 @@ jail_www_devfs_enable="YES"</programlisting>
|
|||
job *and* have the advantage of being part of the base
|
||||
system of FreeBSD? -->
|
||||
|
||||
<screen>&prompt.root; <userinput>mkdir -m 0700 /home/js</userinput>
|
||||
<screen>&prompt.root; <userinput>mkdir /home/js</userinput>
|
||||
&prompt.root; <userinput>cpdup /home/j/skel /home/js/ns</userinput>
|
||||
&prompt.root; <userinput>cpdup /home/j/skel /home/js/mail</userinput>
|
||||
&prompt.root; <userinput>cpdup /home/j/skel /home/js/www</userinput></screen>
|
||||
|
|
|
|||
Loading…
Reference in a new issue