From: "Steven Hartland"
To: "Geoffroy DESVERNAY"
Date: Sun, 25 May 2008 22:47:55 +0100
Subject: Re: Jail resource limits
Message-ID: <1F08E6231F60497A9BF556590BB56E9A@multiplay.co.uk>
List-Id: "Discussion about FreeBSD jail(8)"

----- Original Message -----
From: "Geoffroy DESVERNAY"

>> This is something we're really looking forward to tbh a great
>> feature :) One of the reasons for this is hosting jails, with
>> the addition of multi IP support we will be able to enable
>> jails to connect to "backdoor" secure services such as a
>> mysql server.
>>
> We are already doing this (sql on a separated (physical) LAN, but jail
> don't need a second interface for that: the real host's routing table is
> used for outgoing packets.
> Note we still need a static route on the SQL server for the packets to
> come back the same way
>
> I still don't know if this behaviour is the better one (one may think
> that jail's packets should not go through different interface ?), but it
> works quite well ;)

Surely that compromises jail security i.e. being able to access
resources from the host box even if the jail has no perceivable
access to them?

I assume this still doesn't work if the server is in fact run
on the main host only running on localhost?

    Regards
    Steve
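
The behaviour discussed in this thread, modelled as an added example (not code from the thread or from FreeBSD): a longest-prefix lookup over a constructed host routing table shows a jail whose only address sits on one interface still leaving through another to reach the SQL LAN, and why the reply only comes back the same way once the SQL server has a static route. All addresses, interface names and routes are assumptions made up for the illustration; the jail keeping its own IP as source address is taken from the description quoted above.

```python
import ipaddress

# Constructed topology (assumption): em0 carries the jail's subnet,
# em1 is the separate physical LAN where the SQL server lives.
HOST_ROUTES = [            # (destination, egress interface, gateway or None if on-link)
    ("0.0.0.0/0",    "em0", "192.0.2.1"),
    ("192.0.2.0/24", "em0", None),
    ("10.0.0.0/24",  "em1", None),
]
JAIL_IP = "192.0.2.10"     # the only address bound to the jail
HOST_BACKEND_IP = "10.0.0.1"
SQL_IP = "10.0.0.5"

# SQL server's own table, without and with the static route back to the jail.
SQL_ROUTES_DEFAULT = [("0.0.0.0/0", "eth0", "10.0.0.254"),
                      ("10.0.0.0/24", "eth0", None)]
SQL_ROUTES_STATIC = SQL_ROUTES_DEFAULT + [("192.0.2.10/32", "eth0", HOST_BACKEND_IP)]


def lookup(routes, dst):
    """Longest-prefix match; returns (interface, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    best = max((r for r in routes if addr in ipaddress.ip_network(r[0])),
               key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
               default=None)
    if best is None:
        return None
    _, iface, gateway = best
    return iface, (gateway or str(addr))


def jail_flow(sql_routes):
    """Trace a jail -> SQL connection and the reply path."""
    # Outbound: the jail has no table of its own, the host's is consulted.
    egress_if, _ = lookup(HOST_ROUTES, SQL_IP)
    # Return: the reply is addressed to JAIL_IP, which is not on the SQL LAN.
    _, reply_hop = lookup(sql_routes, JAIL_IP)
    return {
        "src": JAIL_IP,
        "egress_if": egress_if,
        "reply_next_hop": reply_hop,
        "reply_same_way": reply_hop == HOST_BACKEND_IP,
    }


if __name__ == "__main__":
    print("no static route:  ", jail_flow(SQL_ROUTES_DEFAULT))
    print("with static route:", jail_flow(SQL_ROUTES_STATIC))
```
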