aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristian Brueffer <brueffer@FreeBSD.org>2009-04-27 20:38:27 +0000
committerChristian Brueffer <brueffer@FreeBSD.org>2009-04-27 20:38:27 +0000
commitbbee93cbf5d500602bc24f6563ce78ad403c665e (patch)
treebb2e9267ff7471960ba4bebc384e984f2fb7188b
parent4679e4f9c4e6368971d14ab95d10e9184c5821c4 (diff)
downloadsrc-bbee93cbf5d500602bc24f6563ce78ad403c665e.tar.gz
src-bbee93cbf5d500602bc24f6563ce78ad403c665e.zip
Document an issue of jail(8) in conjunction with cpuset(1).
Problem reported by: Miroslav Lachman <000.fbsd@quip.cz> Reviewed by: bz Approved by: re (kib)
Notes
Notes: svn path=/releng/7.2/; revision=191598
-rw-r--r--usr.bin/cpuset/cpuset.16
-rw-r--r--usr.sbin/jail/jail.86
2 files changed, 12 insertions, 0 deletions
diff --git a/usr.bin/cpuset/cpuset.1 b/usr.bin/cpuset/cpuset.1
index 0310793c4f37..e468c1c562ed 100644
--- a/usr.bin/cpuset/cpuset.1
+++ b/usr.bin/cpuset/cpuset.1
@@ -177,3 +177,9 @@ command first appeared in
.Fx 7.1 .
.Sh AUTHORS
.An Jeffrey Roberson Aq jeff@FreeBSD.org
+.Sh BUGS
+At the moment it is possible for a superuser inside a
+.Xr jail 8
+to modify the root
+.Xr cpuset 2
+of that jail.
diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8
index 3a0767e66144..ffbd404bbb19 100644
--- a/usr.sbin/jail/jail.8
+++ b/usr.sbin/jail/jail.8
@@ -699,3 +699,9 @@ Currently, the simplest answer is to minimize services
offered on the host, possibly limiting it to services offered from
.Xr inetd 8
which is easily configurable.
+.Pp
+At the moment it is possible for a superuser inside a
+.Nm
+to modify the root
+.Xr cpuset 2
+of that jail.