2017-05-17 15:07:52 UTC
I noticed that users can see jail processes even when
security.bsd.see_other_uids=0 and security.bsd.see_other_gids=0 are set,
if the process happens to be the same UID/GID as the user. So I created
a patch which adds a security.bsd.see_jail_proc sysctl which hides jail
processes from non-root users regardless of see_other_*. The patch is here:
Any feedback would be appreciated.