From owner-freebsd-hackers  Tue Nov  9  5:41:36 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.40.131])
	by hub.freebsd.org (Postfix) with ESMTP id 6757914FD9
	for <freebsd-hackers@FreeBSD.ORG>; Tue,  9 Nov 1999 05:41:25 -0800 (PST)
	(envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (localhost [127.0.0.1])
	by critter.freebsd.dk (8.9.3/8.9.2) with ESMTP id OAA23739;
	Tue, 9 Nov 1999 14:41:04 +0100 (CET)
	(envelope-from phk@critter.freebsd.dk)
To: Jamie Bowden <ragnar@sysabend.org>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: Should jail treat ip-number? 
In-reply-to: Your message of "Tue, 09 Nov 1999 05:29:51 PST."
             <Pine.BSF.4.10.9911090527520.39794-100000@moo.sysabend.org> 
Date: Tue, 09 Nov 1999 14:41:04 +0100
Message-ID: <23737.942154864@critter.freebsd.dk>
From: Poul-Henning Kamp <phk@critter.freebsd.dk>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <Pine.BSF.4.10.9911090527520.39794-100000@moo.sysabend.org>, Jamie Bowden
 writes:
>
>-security stripped
>
>On Tue, 9 Nov 1999, Poul-Henning Kamp wrote:
>
>:In message <19991109125445E.shin@nd.net.fujitsu.co.jp>, Yoshinobu Inoue writes:
>
>:>(2)What is the goal of the restriction?
>
>:To isolate people in the jail from the "real" machine and from
>:other jails.
>
>What does jail do that chroot doesn't?  I've seen several discussions on
>jail on -hackers, but no explanation of why it was implemented, or how
>it's different from chroot.

1. All tcp/ip forced to use a particular IP#.  This allows you to have
   several inetd/sendmail/apache running, one per jail.

2. Many things which root can normally do cannot be done if root is jailed.

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
FreeBSD -- It will take a long time before progress goes too far!


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message