Date: Fri, 20 Feb 2009 10:20:01 +0800
From: "Chao Shin"
Organization: GeekCN
To: d@delphij.net, "Bjoern A. Zeeb"
Cc: freebsd-jail@freebsd.org, freebsd-rc@freebsd.org, FreeBSD Current
Subject: Re: [RFC] Skeleton jail (rc.d feature proposal)
List-Id: Discussions about the use of FreeBSD-current

On Fri, 20 Feb 2009 09:16:19 +0800, Xin LI wrote:

> Hi, Bjoern,
>
> Bjoern A. Zeeb wrote:
> [...]
>> I do not have the following two on most/any of my machines:
>>
>>> usr/src
>>> usr/obj
>
> I agree.
>
>> The correct way to do this I think would leave rc.d/jail untouched and
>> (pre-)populate an /etc/fstab. and use that.
>
> I do not think this is a very good approach for this use case.
>
> Making it an rc.conf option, enables the following tasks as a one-liner
> change:
>  - Enabling/Disabling skeleton jail (how will the system perform if I
>    have the template directories read-only?);
>  - Switching template root (what will happen if switch from 7.1 userland
>    to 7.2 userland?);
>  - Change mount points within all jails.
>
> I do admit that all these can be done with scripts though.
>
> Cheers,
> --
> Xin LI http://www.delphij.net/
> FreeBSD - The Power to Serve!

I think I like Li Xin's way. I have set up a jail host at my company with Li Xin's patch. It didn't change the usage of the original jail system; it just adds a make target in /usr/src/Makefile, and I can use skeleton jails and original jails on one jail host. There is not much difference between them in rc.conf: if I want a skeleton jail, I just add two options with the normal settings. It is a way compatible with the original design.

quakelee
--
The Power to Serve