From owner-freebsd-questions Thu Apr 18 5:44:21 2002 Delivered-To: freebsd-questions@freebsd.org Received: from woozle.rinet.ru (woozle.rinet.ru [195.54.192.68]) by hub.freebsd.org (Postfix) with ESMTP id 8615637B404 for ; Thu, 18 Apr 2002 05:44:13 -0700 (PDT) Received: from localhost (marck@localhost) by woozle.rinet.ru (8.11.6/8.11.6) with ESMTP id g3ICiBZ98531 for ; Thu, 18 Apr 2002 16:44:11 +0400 (MSD) (envelope-from marck@rinet.ru) Date: Thu, 18 Apr 2002 16:44:11 +0400 (MSD) From: Dmitry Morozovsky To: questions@freebsd.org Subject: jails and local-NFS /usr (fwd) Message-ID: <20020418161435.P95955-100000@woozle.rinet.ru> X-NCC-RegID: ru.rinet MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Dear colleagues, I've asked this question some times ago in stable@, but with no answer. Digging into mail archives also had no success. Can anyone point me to "The Right Point" [tm] ;-) ? Ar, maybe, this is the question to isp@ or arch@ ? Thanks in advance. ---------- Forwarded message ---------- Date: Sun, 14 Apr 2002 21:17:52 +0400 (MSD) From: Dmitry Morozovsky To: stable@FreeBSD.ORG Subject: jails and local-NFS /usr Hello there colleagues, I'm planning to play with jail(8) etc to deploy this facility for our hosting services, and now looking at the ability to use NFS from jailed pseudo-machine to host. I'd think of making special filesystem with restricted set of binaries and export it as a local-NFS partition to be mounted readonly as jailed /usr. However, there's a couple of sentenses in jail(8) manpage, and especially: >Attempting to serve NFS from the host environment may also cause >confusion, and cannot be easily reconfigured to use only specific IPs, as >some NFS services are hosted directly from the kernel. Is it still true, and if yes, are there any plans to improve this? (as a side note: why portmap binds to TCP socket with 0.0.0.0 ip address? portmasp.c, lines around 206 as of 1.10.2.2) Thanks in advace. Sincerely, D.Marck [DM5020, DM268-RIPE, DM3-RIPN] ------------------------------------------------------------------------ *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru *** ------------------------------------------------------------------------ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message