From 2846a5143f639fb603c40dca7dc5fa24418c0552 Mon Sep 17 00:00:00 2001 From: brueffer Date: Mon, 27 Apr 2009 20:38:27 +0000 Subject: [PATCH] Document an issue of jail(8) in conjunction with cpuset(1). Problem reported by: Miroslav Lachman <000.fbsd@quip.cz> Reviewed by: bz Approved by: re (kib) git-svn-id: svn://svn.freebsd.org/base/releng/7.2@191598 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- usr.bin/cpuset/cpuset.1 | 6 ++++++ usr.sbin/jail/jail.8 | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/usr.bin/cpuset/cpuset.1 b/usr.bin/cpuset/cpuset.1 index 0310793c..e468c1c5 100644 --- a/usr.bin/cpuset/cpuset.1 +++ b/usr.bin/cpuset/cpuset.1 @@ -177,3 +177,9 @@ command first appeared in .Fx 7.1 . .Sh AUTHORS .An Jeffrey Roberson Aq jeff@FreeBSD.org +.Sh BUGS +At the moment it is possible for a superuser inside a +.Xr jail 8 +to modify the root +.Xr cpuset 2 +of that jail. diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8 index 3a0767e6..ffbd404b 100644 --- a/usr.sbin/jail/jail.8 +++ b/usr.sbin/jail/jail.8 @@ -699,3 +699,9 @@ Currently, the simplest answer is to minimize services offered on the host, possibly limiting it to services offered from .Xr inetd 8 which is easily configurable. +.Pp +At the moment it is possible for a superuser inside a +.Nm +to modify the root +.Xr cpuset 2 +of that jail. -- 2.42.0
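Review bot: In the usr.bin/cpuset/cpuset.1 hunk, the new BUGS text ("At the moment it is possible for a superuser inside a jail to modify the root cpuset of that jail") states the behaviour but not what it means for an administrator. Suggest adding one sentence saying that a CPU set assigned to a jail should therefore not be relied on as a restriction that holds against root inside that jail. Also consider replacing "At the moment" with the affected release (this lands on releng/7.2), so a reader of a later manual page can tell whether the caveat still applies.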
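Review bot: In the usr.sbin/jail/jail.8 hunk, the caveat is attached with .Pp directly after the paragraph about minimizing host services and inetd(8), which has nothing to do with CPU sets, so someone scanning the page for jail limitations is unlikely to find it there. Suggest giving it its own .Sh BUGS section, as the cpuset.1 hunk does. The text also cross-references only ".Xr cpuset 2", while the subject line describes the issue as arising in conjunction with cpuset(1); adding ".Xr cpuset 1" would point readers to the utility they would actually use to check or set the jail's CPU set.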