Re: Jailed X applications
- From: Alexander Leidinger <Alexander@xxxxxxxxxxxxx>
- Date: Fri, 17 Aug 2007 10:07:36 +0200
Quoting mal content <artifact.one@xxxxxxxxxxxxxx> (from Fri, 17 Aug 2007 06:10:39 +0100):
This is better suited for freebsd-jail@ (CCed), please remove freebsd-security@ on reply to move the discussion there.
Has anyone here ever successfully set up a jail for X apps, connecting
to an external X server? I'm trying an experimental sandbox setup here.
I have my X server itself in a jail (needs a kernel patch and some devfs rules), and in the past connected to a jail and started a X11 programm there... IIRC.
I have a jail running on an aliased IP on my local machine and X
programs connect out of the jail to my local X server via an SSH
tunneled TCP connection. All other packets to and from the jail are
denied by the packet filter. The trouble I am having is that many
applications (all X apps so far and a few of the SSH tools) try to open
and read from /dev/tty, which clearly isn't going to happen:
ssh uses a tty (pty?), but normally you have some in a jail. How do you start the jail? There should be devfs mounted in the jail.
Bye,
Alexander.
--
"How do I love thee? My accumulator overflows."
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- References:
- Jailed X applications
- From: mal content
- Jailed X applications
- Prev by Date: Jailed X applications
- Next by Date: RELENG_6_2 EoL Date?
- Previous by thread: Jailed X applications
- Next by thread: RELENG_6_2 EoL Date?
- Index(es):
Relevant Pages
|
|
