From owner-freebsd-current@FreeBSD.ORG Fri Feb 20 01:16:31 2009 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3DBEE106564A; Fri, 20 Feb 2009 01:16:31 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from tarsier.delphij.net (delphij-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:2c9::2]) by mx1.freebsd.org (Postfix) with ESMTP id D44E68FC15; Fri, 20 Feb 2009 01:16:30 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from tarsier.geekcn.org (tarsier.geekcn.org [211.166.10.233]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by tarsier.delphij.net (Postfix) with ESMTPS id BC8EC28448; Fri, 20 Feb 2009 09:16:29 +0800 (CST) Received: from localhost (tarsier.geekcn.org [211.166.10.233]) by tarsier.geekcn.org (Postfix) with ESMTP id 41DEFEB0B17; Fri, 20 Feb 2009 09:16:29 +0800 (CST) X-Virus-Scanned: amavisd-new at geekcn.org Received: from tarsier.geekcn.org ([211.166.10.233]) by localhost (mail.geekcn.org [211.166.10.233]) (amavisd-new, port 10024) with ESMTP id KqcOJLzh4o8y; Fri, 20 Feb 2009 09:16:24 +0800 (CST) Received: from charlie.delphij.net (adsl-76-237-33-62.dsl.pltn13.sbcglobal.net [76.237.33.62]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by tarsier.geekcn.org (Postfix) with ESMTPSA id 44A9FEB0924; Fri, 20 Feb 2009 09:16:22 +0800 (CST) DomainKey-Signature: a=rsa-sha1; s=default; d=delphij.net; c=nofws; q=dns; h=message-id:date:from:reply-to:organization:user-agent: mime-version:to:cc:subject:references:in-reply-to: x-enigmail-version:openpgp:content-type:content-transfer-encoding; b=lWCc7XW7ykv7n7cIw5SRqJEgVxapGmI96/3jcrhDU66BGmclKslIIHZDW+rh7qCJR qRDxXas4AFepAHuFpTzXg== Message-ID: <499E0463.2070608@delphij.net> Date: Thu, 19 Feb 2009 17:16:19 -0800 From: Xin LI Organization: The FreeBSD Project User-Agent: Thunderbird 2.0.0.19 (X11/20090217) MIME-Version: 1.0 To: "Bjoern A. Zeeb" References: <499244E6.9030205@delphij.net> <20090212122419.Q53478@maildrop.int.zabbadoz.net> In-Reply-To: <20090212122419.Q53478@maildrop.int.zabbadoz.net> X-Enigmail-Version: 0.95.7 OpenPGP: id=18EDEBA0; url=http://www.delphij.net/delphij.asc Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-rc@FreeBSD.org, freebsd-jail@freebsd.org, d@delphij.net, FreeBSD Current Subject: Re: [RFC] Skeleton jail (rc.d feature proposal) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: d@delphij.net List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Feb 2009 01:16:31 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Bjoern, Bjoern A. Zeeb wrote: [...] > I do not have the following two on most/any of my machines: > >> usr/src >> usr/obj I agree. > The correct way to do this I think would leave rc.d/jail untouched and > (pre-)populate an /etc/fstab. and use that. I do not think this is a very good approach for this use case. Making it an rc.conf option, enables the following tasks as a one-liner change: - Enabling/Disabling skeleton jail (how will the system perform if I have the template directories read-only?); - Switching template root (what will happen if switch from 7.1 userland to 7.2 userland?); - Change mount points within all jails. I do admit that all these can be done with scripts though. Cheers, - -- Xin LI http://www.delphij.net/ FreeBSD - The Power to Serve! -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.10 (FreeBSD) iEYEARECAAYFAkmeBGIACgkQi+vbBBjt66A4GgCgsBo4b6PNTVDX3/3SCyv/ezXI 6+wAn2KZFdazhFjyyf0RPFHP6+8YpyPS =rHFi -----END PGP SIGNATURE-----