Date: Fri, 23 Sep 2005 20:12:37 +0100
From: Brian Candler <B.Candler@pobox.com>
To: Jeremie Le Hen <jeremie@le-hen.org>
Cc: freebsd-current@FreeBSD.org
Subject: Re: jail's periodic stuff
Message-ID: <20050923191237.GA870@uk.tiscali.com>
In-Reply-To: <20050923163042.GZ24643@obiwan.tataz.chchile.org>
References: <20050922122113.GO24643@obiwan.tataz.chchile.org> <20050923092231.GF94511@uk.tiscali.com> <20050923100707.GW24643@obiwan.tataz.chchile.org> <20050923113819.GA95825@uk.tiscali.com> <20050923163042.GZ24643@obiwan.tataz.chchile.org>

On Fri, Sep 23, 2005 at 06:30:42PM +0200, Jeremie Le Hen wrote:
> Note that I'm still not sure about these scripts :
>     400.status-disks
>     405.status-ata-raid
>     420.status-network
> For instance, 420 uses ``netstat -in''. It will not be able to run
> inside a jail, unless /dev/mem is available (I'm not sure this is
> still the case with rwatson@ recent changes), which is, while still
> possible, very unlikely.

You probably don't need to worry about it too much. Even if the user isn't
allowed to run 'netstat -in' then nothing bad will happen, short of perhaps
a mail being sent to the jail owner. They can always override it in their
own /etc/periodic.conf or /etc/periodic.conf.local

The test I would use is: "is this script something to do with administering
the *machine* itself, or the *jail environment*?"

Almost always I'd expect the network interfaces to belong to the machine
only.

The disks and ata-raid arrays most likely belong to the machine. It's not
impossible that the system administrator would decide to open up direct
access to a particular drive into a particular jail (using devfs rules), but
even then it's more likely the system administrator rather than the person
sitting within the jail who is going to be responsible for the good health
of the drives, and therefore wants to see these alerts.

> I would like to hear some advice of wise people about this.

Ah, that I can't help you with :-)

Regards,

Brian.