diff --git a/en_US.ISO8859-1/books/handbook/jails/chapter.sgml b/en_US.ISO8859-1/books/handbook/jails/chapter.sgml index 9235c05033..bfa0ef32e7 100644 --- a/en_US.ISO8859-1/books/handbook/jails/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/jails/chapter.sgml @@ -240,7 +240,7 @@ the procedure for building a jail: &prompt.root; setenv D /here/is/the/jail -&prompt.root; mkdir -p -m 0700 $D +&prompt.root; mkdir -p $D &prompt.root; cd /usr/src &prompt.root; make buildworld &prompt.root; make installworld DESTDIR=$D @@ -261,16 +261,6 @@ of the &os; base system. - - It is important to restrict access to the jail from the host - system to ensure that i.e. setuid files created in the jail - are not usable in the host system; otherwise an attacker with root - access to the jail could create a setuid program in the jail and - execute it in the host. For similar reasons it is a bad idea to - share read/write nullfs mounts between - jails, although NFS is fine. - - If you have already rebuilt your userland using make world or make buildworld, @@ -677,7 +667,7 @@ jail_www_devfs_ruleset="www_ruleset - &prompt.root; mkdir -m 0700 /home/j && mkdir /home/j/mroot + &prompt.root; mkdir /home/j /home/j/mroot &prompt.root; cd /usr/src &prompt.root; make installworld DESTDIR=/home/j/mroot @@ -841,7 +831,7 @@ jail_www_devfs_enable="YES" job *and* have the advantage of being part of the base system of FreeBSD? --> - &prompt.root; mkdir -m 0700 /home/js + &prompt.root; mkdir /home/js &prompt.root; cpdup /home/j/skel /home/js/ns &prompt.root; cpdup /home/j/skel /home/js/mail &prompt.root; cpdup /home/j/skel /home/js/www