From owner-freebsd-rc@FreeBSD.ORG Mon Feb 16 11:06:58 2009 Return-Path: Delivered-To: freebsd-rc@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6993310656C1 for ; Mon, 16 Feb 2009 11:06:58 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 535D38FC22 for ; Mon, 16 Feb 2009 11:06:58 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n1GB6w27096251 for ; Mon, 16 Feb 2009 11:06:58 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n1GB6vXu096247 for freebsd-rc@FreeBSD.org; Mon, 16 Feb 2009 11:06:57 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 16 Feb 2009 11:06:57 GMT Message-Id: <200902161106.n1GB6vXu096247@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-rc@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-rc@FreeBSD.org X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Feb 2009 11:07:00 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o conf/130414 rc [patch] rc services started with onestart are not stop o conf/128299 rc [patch] /etc/rc.d/geli does not mount partitions using o conf/127917 rc [patch] dumpon rejects on start with physmem>swap even o bin/126562 rc rcorder(8) fails to run unrelated startup scripts when o conf/126392 rc [patch] rc.conf ifconfig_xx keywords cannot be escaped o bin/126324 rc [patch] rc.d/tmp: Prevent mounting /tmp in second tim o conf/124747 rc [patch] savecore can't create dump from encrypted swap o conf/124248 rc [patch] add support for nice value for rc.d/jail + rc. o conf/123734 rc [patch] Chipset VIA CX700 requires extra initializatio o conf/123222 rc [patch] Add rtprio(1)/idprio(1) support to rc.subr(8). o conf/122477 rc [patch] /etc/rc.d/mdconfig and mdconfig2 are ignoring o conf/122170 rc [patch] [request] New feature: notify admin via page o o conf/122036 rc [rc.d]: Mounting at boot with ZFS causes a halt in boo o kern/121566 rc [nfs] [request] [patch] ethernet iface should be broug o conf/120431 rc [patch] devfs.rules are not initialized under certain o conf/120406 rc [devd] [patch] Handle newly attached pcm devices (eg. o conf/120228 rc [zfs] [patch] Split ZFS volume startup / ease ZFS swap o conf/120194 rc [patch] UFS volumes on ZVOLs cannot be fsck'd at boot o conf/119874 rc [patch] "/etc/rc.d/pf reload" fails if there are macro o conf/119076 rc [patch] [rc.d] /etc/rc.d/netif tries to remove alias a o bin/118325 rc [patch] [request] new periodic script to test statuses o conf/118255 rc savecore never finding kernel core dumps (rcorder prob o conf/117935 rc [patch] ppp fails to start at boot because of missing o conf/113915 rc [patch] ndis wireless driver fails to associate when i o conf/109980 rc /etc/rc.d/netif restart doesn't destroy cloned_interfa o conf/109562 rc [rc.d] [patch] [request] Make rc.d/devfs usable from c o conf/106009 rc [ppp] [patch] [request] Fix pppoed startup script to p o conf/105689 rc [ppp] [request] syslogd starts too late at boot o conf/105568 rc [patch] [request] Add more flexibility to rc.conf, to o conf/105145 rc [ppp] [patch] [request] add redial function to rc.d/pp o conf/104549 rc [patch] rc.d/nfsd needs special _find_processes functi o conf/102700 rc [geli] [patch] Add encrypted /tmp support to GELI/GBDE o conf/99721 rc [patch] /etc/rc.initdiskless problem copy dotfile in s o conf/99444 rc [patch] Enhancement: rc.subr could easily support star o conf/96343 rc [patch] rc.d order change to start inet6 before pf o conf/93815 rc [patch] Adds in the ability to save ipfw rules to rc.d o conf/92523 rc [patch] allow rc scripts to kill process after a timeo o conf/89870 rc [patch] [request] make netif verbose rc.conf toggle o conf/89061 rc [patch] IPv6 6to4 auto-configuration enhancement o conf/88913 rc [patch] wrapper support for rc.subr o conf/85819 rc [patch] script allowing multiuser mode in spite of fsc o kern/81006 rc ipnat not working with tunnel interfaces on startup o conf/77663 rc Suggestion: add /etc/rc.d/addnetswap after addcritremo o conf/73677 rc [patch] add support for powernow states to power_profi o conf/58939 rc [patch] dumb little hack for /etc/rc.firewall{,6} o conf/56934 rc [patch] rc.firewall rules for natd expect an interface o conf/45226 rc [patch] Fix for rc.network, ppp-user annoyance o conf/44170 rc [patch] Add ability to run multiple pppoed(8) on start 48 problems total. From owner-freebsd-rc@FreeBSD.ORG Tue Feb 17 04:30:06 2009 Return-Path: Delivered-To: freebsd-rc@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6BBFD1065673 for ; Tue, 17 Feb 2009 04:30:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 3F00D8FC15 for ; Tue, 17 Feb 2009 04:30:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n1H4U6mu089640 for ; Tue, 17 Feb 2009 04:30:06 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n1H4U5Dx089636; Tue, 17 Feb 2009 04:30:05 GMT (envelope-from gnats) Date: Tue, 17 Feb 2009 04:30:05 GMT Message-Id: <200902170430.n1H4U5Dx089636@freefall.freebsd.org> To: freebsd-rc@FreeBSD.org From: Yoshihiro Ota Cc: Subject: Re: conf/128299: [patch] /etc/rc.d/geli does not mount partitions using both journal and eli X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Yoshihiro Ota List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Feb 2009 04:30:06 -0000 The following reply was made to PR conf/128299; it has been noted by GNATS. From: Yoshihiro Ota To: bug-followup@FreeBSD.org, mb@tns.cz Cc: Subject: Re: conf/128299: [patch] /etc/rc.d/geli does not mount partitions using both journal and eli Date: Mon, 16 Feb 2009 23:22:43 -0500 Hi, Martin. I think a patch at http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/120091 fixes your porblem, too. Do you mind if you try and report it? Thanks, Hiro From owner-freebsd-rc@FreeBSD.ORG Tue Feb 17 09:10:02 2009 Return-Path: Delivered-To: freebsd-rc@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DBF1A106567E for ; Tue, 17 Feb 2009 09:10:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id C9C4D8FC17 for ; Tue, 17 Feb 2009 09:10:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n1H9A2Sc037869 for ; Tue, 17 Feb 2009 09:10:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n1H9A2jK037868; Tue, 17 Feb 2009 09:10:02 GMT (envelope-from gnats) Date: Tue, 17 Feb 2009 09:10:02 GMT Message-Id: <200902170910.n1H9A2jK037868@freefall.freebsd.org> To: freebsd-rc@FreeBSD.org From: Martin Beran Cc: Subject: Re: conf/128299: [patch] /etc/rc.d/geli does not mount partitions using both journal and eli X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Martin Beran List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Feb 2009 09:10:03 -0000 The following reply was made to PR conf/128299; it has been noted by GNATS. From: Martin Beran To: bug-followup@FreeBSD.org, Yoshihiro Ota Cc: Subject: Re: conf/128299: [patch] /etc/rc.d/geli does not mount partitions using both journal and eli Date: Tue, 17 Feb 2009 09:50:13 +0100 On Mon, Feb 16, 2009 at 11:22:43PM -0500, Yoshihiro Ota wrote: Hi, Hiro, > I think a patch at http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/120091 > fixes your porblem, too. > > Do you mind if you try and report it? I tried the patch. It solves the second half of the problem - mounting a DEVICE.eli.journal. But for successful mount of both DEVICE.eli.journal and DEVICE.journal.eli, I still need my patch for /etc/rc.d/geli and /etc/rc.d/geli2. Otherwise, I get: eval: ${geli_ad0s2d....}: Bad substitution Running "sh -x /etc/rc.d/geli start" reveals the reason of this error: ... + geli_expand_entry /dev/ad0s2d.journal.eli + local devices3 + local entry dev tail + tail=/dev/ad0s2d.journal.eli + true + dev=/dev/ad0s2d.journal.eli + devices3= /dev/ad0s2d.journal.eli + tail= + break + dev= + echo /dev/ad0s2d.journal.eli + devices=/dev/ad0s2d.journal.eli + provider=/dev/ad0s2d.journal + provider=ad0s2d.journal + devices2= ad0s2d.journal + echo ad0s2d.journal + devices=ad0s2d.journal + [ -z ] + [ -n ] + /sbin/sysctl -n kern.geom.eli.tries + geli_tries=3 + ltr ad0s2d.journal / _ + local _str _src _dst _out _com + _str=ad0s2d.journal + _src=/ + _dst=_ + _out= + IFS=/ + [ -z ] + _out=ad0s2d.journal + echo ad0s2d.journal + provider_=ad0s2d.journal + eval flags=${geli_ad0s2d.journal_flags} eval: ${geli_ad0s2d....}: Bad substitution -- Martin Beran From owner-freebsd-rc@FreeBSD.ORG Fri Feb 20 01:16:31 2009 Return-Path: Delivered-To: freebsd-rc@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3DBEE106564A; Fri, 20 Feb 2009 01:16:31 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from tarsier.delphij.net (delphij-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:2c9::2]) by mx1.freebsd.org (Postfix) with ESMTP id D44E68FC15; Fri, 20 Feb 2009 01:16:30 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from tarsier.geekcn.org (tarsier.geekcn.org [211.166.10.233]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by tarsier.delphij.net (Postfix) with ESMTPS id BC8EC28448; Fri, 20 Feb 2009 09:16:29 +0800 (CST) Received: from localhost (tarsier.geekcn.org [211.166.10.233]) by tarsier.geekcn.org (Postfix) with ESMTP id 41DEFEB0B17; Fri, 20 Feb 2009 09:16:29 +0800 (CST) X-Virus-Scanned: amavisd-new at geekcn.org Received: from tarsier.geekcn.org ([211.166.10.233]) by localhost (mail.geekcn.org [211.166.10.233]) (amavisd-new, port 10024) with ESMTP id KqcOJLzh4o8y; Fri, 20 Feb 2009 09:16:24 +0800 (CST) Received: from charlie.delphij.net (adsl-76-237-33-62.dsl.pltn13.sbcglobal.net [76.237.33.62]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by tarsier.geekcn.org (Postfix) with ESMTPSA id 44A9FEB0924; Fri, 20 Feb 2009 09:16:22 +0800 (CST) DomainKey-Signature: a=rsa-sha1; s=default; d=delphij.net; c=nofws; q=dns; h=message-id:date:from:reply-to:organization:user-agent: mime-version:to:cc:subject:references:in-reply-to: x-enigmail-version:openpgp:content-type:content-transfer-encoding; b=lWCc7XW7ykv7n7cIw5SRqJEgVxapGmI96/3jcrhDU66BGmclKslIIHZDW+rh7qCJR qRDxXas4AFepAHuFpTzXg== Message-ID: <499E0463.2070608@delphij.net> Date: Thu, 19 Feb 2009 17:16:19 -0800 From: Xin LI Organization: The FreeBSD Project User-Agent: Thunderbird 2.0.0.19 (X11/20090217) MIME-Version: 1.0 To: "Bjoern A. Zeeb" References: <499244E6.9030205@delphij.net> <20090212122419.Q53478@maildrop.int.zabbadoz.net> In-Reply-To: <20090212122419.Q53478@maildrop.int.zabbadoz.net> X-Enigmail-Version: 0.95.7 OpenPGP: id=18EDEBA0; url=http://www.delphij.net/delphij.asc Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-rc@FreeBSD.org, freebsd-jail@freebsd.org, d@delphij.net, FreeBSD Current Subject: Re: [RFC] Skeleton jail (rc.d feature proposal) X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: d@delphij.net List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Feb 2009 01:16:31 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Bjoern, Bjoern A. Zeeb wrote: [...] > I do not have the following two on most/any of my machines: > >> usr/src >> usr/obj I agree. > The correct way to do this I think would leave rc.d/jail untouched and > (pre-)populate an /etc/fstab. and use that. I do not think this is a very good approach for this use case. Making it an rc.conf option, enables the following tasks as a one-liner change: - Enabling/Disabling skeleton jail (how will the system perform if I have the template directories read-only?); - Switching template root (what will happen if switch from 7.1 userland to 7.2 userland?); - Change mount points within all jails. I do admit that all these can be done with scripts though. Cheers, - -- Xin LI http://www.delphij.net/ FreeBSD - The Power to Serve! -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.10 (FreeBSD) iEYEARECAAYFAkmeBGIACgkQi+vbBBjt66A4GgCgsBo4b6PNTVDX3/3SCyv/ezXI 6+wAn2KZFdazhFjyyf0RPFHP6+8YpyPS =rHFi -----END PGP SIGNATURE----- From owner-freebsd-rc@FreeBSD.ORG Fri Feb 20 02:20:11 2009 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4CCAA106566C; Fri, 20 Feb 2009 02:20:11 +0000 (UTC) (envelope-from quakelee@geekcn.org) Received: from tarsier.delphij.net (delphij-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:2c9::2]) by mx1.freebsd.org (Postfix) with ESMTP id DE16F8FC17; Fri, 20 Feb 2009 02:20:09 +0000 (UTC) (envelope-from quakelee@geekcn.org) Received: from tarsier.geekcn.org (tarsier.geekcn.org [211.166.10.233]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by tarsier.delphij.net (Postfix) with ESMTPS id A12D628449; Fri, 20 Feb 2009 10:20:08 +0800 (CST) Received: from localhost (tarsier.geekcn.org [211.166.10.233]) by tarsier.geekcn.org (Postfix) with ESMTP id 2FC45EB0A49; Fri, 20 Feb 2009 10:20:08 +0800 (CST) X-Virus-Scanned: amavisd-new at geekcn.org Received: from tarsier.geekcn.org ([211.166.10.233]) by localhost (mail.geekcn.org [211.166.10.233]) (amavisd-new, port 10024) with ESMTP id wQ1KJQthCnK4; Fri, 20 Feb 2009 10:20:03 +0800 (CST) Received: from qld630 (unknown [219.142.100.201]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by tarsier.geekcn.org (Postfix) with ESMTPSA id D2C16EB0947; Fri, 20 Feb 2009 10:20:02 +0800 (CST) DomainKey-Signature: a=rsa-sha1; s=default; d=geekcn.org; c=nofws; q=dns; h=date:to:subject:from:organization:cc:content-type: mime-version:references:content-transfer-encoding:message-id:in-reply-to:user-agent; b=TeBvowhwQ+umOE8j+V/60PdMIpz8ZHw7nfK2ggkVnzJSkbR88Gl27kkHzmqU+NxOG b11zyNX7ZKOj0+QlOqx8Q== Date: Fri, 20 Feb 2009 10:20:01 +0800 To: d@delphij.net, "Bjoern A. Zeeb" From: "Chao Shin" Organization: GeekCN Content-Type: text/plain; format=flowed; delsp=yes; charset=utf-8 MIME-Version: 1.0 References: <499244E6.9030205@delphij.net> <20090212122419.Q53478@maildrop.int.zabbadoz.net> <499E0463.2070608@delphij.net> Content-Transfer-Encoding: 8bit Message-ID: In-Reply-To: <499E0463.2070608@delphij.net> User-Agent: Opera Mail/9.62 (Win32) Cc: freebsd-jail@freebsd.org, freebsd-rc@freebsd.org, FreeBSD Current Subject: Re: [RFC] Skeleton jail (rc.d feature proposal) X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Feb 2009 02:20:11 -0000 在 Fri, 20 Feb 2009 09:16:19 +0800,Xin LI 写道: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, Bjoern, > > Bjoern A. Zeeb wrote: > [...] >> I do not have the following two on most/any of my machines: >> >>> usr/src >>> usr/obj > > I agree. > >> The correct way to do this I think would leave rc.d/jail untouched and >> (pre-)populate an /etc/fstab. and use that. > > I do not think this is a very good approach for this use case. > > Making it an rc.conf option, enables the following tasks as a one-liner > change: > - Enabling/Disabling skeleton jail (how will the system perform if I > have the template directories read-only?); > - Switching template root (what will happen if switch from 7.1 userland > to 7.2 userland?); > - Change mount points within all jails. > > I do admit that all these can be done with scripts though. > > Cheers, > - -- > Xin LI http://www.delphij.net/ > FreeBSD - The Power to Serve! > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.10 (FreeBSD) > > iEYEARECAAYFAkmeBGIACgkQi+vbBBjt66A4GgCgsBo4b6PNTVDX3/3SCyv/ezXI > 6+wAn2KZFdazhFjyyf0RPFHP6+8YpyPS > =rHFi > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-current@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to > "freebsd-current-unsubscribe@freebsd.org" I think I like Li Xin's way. I have set a jail host in my company with Li Xin's patch, it didn't change the usage of original jail system, just add a make target in /usr/src/Makefile, I can use skeleton jail and original jail in one jail host. They have not much differents in rc.conf, if want skeleton, I just add two options with normal settings. It is compatible way with orignal design. quakelee -- The Power to Serve From owner-freebsd-rc@FreeBSD.ORG Fri Feb 20 19:23:15 2009 Return-Path: Delivered-To: freebsd-rc@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0C89D1065694; Fri, 20 Feb 2009 19:23:15 +0000 (UTC) (envelope-from simon@nitro.dk) Received: from mx.nitro.dk (zarniwoop.nitro.dk [83.92.207.38]) by mx1.freebsd.org (Postfix) with ESMTP id BBAA78FC21; Fri, 20 Feb 2009 19:23:14 +0000 (UTC) (envelope-from simon@nitro.dk) Received: from arthur.nitro.dk (arthur.bofh [192.168.2.3]) by mx.nitro.dk (Postfix) with ESMTP id 1A8AE2E6821; Fri, 20 Feb 2009 19:23:14 +0000 (UTC) Received: by arthur.nitro.dk (Postfix, from userid 1000) id 025095C6A; Fri, 20 Feb 2009 20:23:13 +0100 (CET) Date: Fri, 20 Feb 2009 20:23:13 +0100 From: "Simon L. Nielsen" To: d@delphij.net Message-ID: <20090220192312.GD1064@arthur.nitro.dk> References: <499244E6.9030205@delphij.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <499244E6.9030205@delphij.net> User-Agent: Mutt/1.5.19 (2009-01-05) Cc: freebsd-jail@FreeBSD.org, FreeBSD Current , freebsd-rc@FreeBSD.org Subject: Re: [RFC] Skeleton jail (rc.d feature proposal) X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Feb 2009 19:23:16 -0000 On 2009.02.10 19:24:22 -0800, Xin LI wrote: > Ok, some local users has prodded me in committing the "skeleton jail" > feature, I find it useful myself but not sure if it's appropriate to > commit it against -HEAD, so I'd like to explain it, try to present it in This complicates an already complicated etc/rc.d/jail script so I think this is a very bad idea. rc.d/jail is already interesting enough security wise as it is IMO. If anyone wants this very much think it should be done in an "external" (to etc/rc.d/jail) jail management system/script. Personally I have been very happy with ezjail, and I think having a script like that "externally" is a much better way to go. If that means importing ezjail or making something like it I don't know. -- Simon L. Nielsen