From owner-freebsd-current@FreeBSD.ORG Tue Jun 3 08:18:50 2014 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2864B9A7 for ; Tue, 3 Jun 2014 08:18:50 +0000 (UTC) Received: from smtp.fagskolen.gjovik.no (smtp.fagskolen.gjovik.no [IPv6:2001:700:1100:1:200:ff:fe00:b]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "smtp.fagskolen.gjovik.no", Issuer "Fagskolen i Gj??vik" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 8F4E82B90 for ; Tue, 3 Jun 2014 08:18:49 +0000 (UTC) Received: from mail.fig.ol.no (localhost [127.0.0.1]) by mail.fig.ol.no (8.14.8/8.14.8) with ESMTP id s538Ih0R041710 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 3 Jun 2014 10:18:43 +0200 (CEST) (envelope-from trond@fagskolen.gjovik.no) Received: from localhost (trond@localhost) by mail.fig.ol.no (8.14.8/8.14.8/Submit) with ESMTP id s538Ih9F041707; Tue, 3 Jun 2014 10:18:43 +0200 (CEST) (envelope-from trond@fagskolen.gjovik.no) X-Authentication-Warning: mail.fig.ol.no: trond owned process doing -bs Date: Tue, 3 Jun 2014 10:18:43 +0200 (CEST) From: =?ISO-8859-1?Q?Trond_Endrest=F8l?= Sender: Trond.Endrestol@fagskolen.gjovik.no To: Beeblebrox Subject: Re: jail sockstat shows gdnc, gdomap, casperd as enabled In-Reply-To: Message-ID: References: <1401778952788-5917302.post@n5.nabble.com> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) Organization: Fagskolen Innlandet OpenPGP: url=http://fig.ol.no/~trond/trond.key MIME-Version: 1.0 X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=ham autolearn_force=no version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mail.fig.ol.no Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT X-Content-Filtered-By: Mailman/MimeDel 2.1.18 Cc: freebsd-current@freebsd.org X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2014 08:18:50 -0000 On Tue, 3 Jun 2014 01:00-0700, Beeblebrox wrote: > Hi Trond, > > > These two are related to GNUstep. If your jails don't run GNUstep, > > why is GNUstep installed in the first place? > > I know that they are related to GNUstep (although I have no idea what > GNUstep actually does other than act as a messaging system probably like > dbus). Anyway, I don't understand how & why they start up and that's > exactly my question. The only insight I can provide, is that /usr/local is > null_mounted on to jail/usr/local, but that should not really have this > effect. I have no experience with GNUstep, but I recall X applications depending on dbus will start an user instance if there's no system instance running. I guess the same applies to GNUstep's services. > > casperd is part of capsicum. You should probably keep this one. > > I figured as much re capsicum. So the question becomes "should all jails be > running capsicum in this case"? casperd uses local sockets and are thus confined to its jail. Do the sandboxes in each jail need the casperd services, e.g. the DNS service? Well, yes, if the sandboxes i.e. can't send UDP datagrams. -- +-------------------------------+------------------------------------+ | Vennlig hilsen, | Best regards, | | Trond Endrestøl, | Trond Endrestøl, | | IT-ansvarlig, | System administrator, | | Fagskolen Innlandet, | Gjøvik Technical College, Norway, | | tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, | | sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. | +-------------------------------+------------------------------------+