Re: Jailed X applications

看板FB_security作者時間18年前 (2007/08/17 19:31), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串2/2 (看更多)
Quoting mal content <artifact.one@googlemail.com> (from Fri, 17 Aug =20 2007 06:10:39 +0100): This is better suited for freebsd-jail@ (CCed), please remove =20 freebsd-security@ on reply to move the discussion there. > Has anyone here ever successfully set up a jail for X apps, connecting > to an external X server? I'm trying an experimental sandbox setup here. I have my X server itself in a jail (needs a kernel patch and some =20 devfs rules), and in the past connected to a jail and started a X11 =20 programm there... IIRC. > I have a jail running on an aliased IP on my local machine and X > programs connect out of the jail to my local X server via an SSH > tunneled TCP connection. All other packets to and from the jail are > denied by the packet filter. The trouble I am having is that many > applications (all X apps so far and a few of the SSH tools) try to open > and read from /dev/tty, which clearly isn't going to happen: ssh uses a tty (pty?), but normally you have some in a jail. How do =20 you start the jail? There should be devfs mounted in the jail. Bye, Alexander. --=20 "How do I love thee? My accumulator overflows." http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID =3D B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID =3D 72077137 _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 Alexander. 的文章
文章代碼(AID): #16nOSc00 (FB_security)
更多 Alexander. 的文章
文章代碼(AID): #16nOSc00 (FB_security)