From: "Samuel J. Greear"
Organization: Evilcode Corp.
To: freebsd-hackers@freebsd.org
cc: Denis Shaposhnikov
cc: security@revolutionsp.com
cc: Frank Knobbe
cc: Chris Hodgins
Date: Sun, 13 Mar 2005 10:51:39 -0600
Subject: Re: Idea about 'skeleton jail

Not a bad 'idea' at all, although I won't comment on semantics. I had
something implemented using fs stacking (in a very hackish way, and I
believe it's lost now, so don't ask to see it...) to implement per-jail
quotas that seemed to work quite well.

Sam

>
> This might be a very stupid idea but how about a jailfs. Now I don't
> know all that much about filesystem design so bear with me. How about
> something like this:
>
>
> So the jail filesystem is configured at jail-creation time and uses the
> host's files or jail files depending on the configuration. Might have to
> pass the config file into the jail command.
>
> As I said I am not an expert. Maybe one of the experts could let me
> know what they think?
>
> Chris