Date: Wed, 07 Jun 2006 01:05:54 +0100
From: Florent Thoumie <flz@FreeBSD.org>
To: Dirk Engling <erdgeist@erdgeist.org>
Cc: matteo@FreeBSD.org, freebsd-rc <freebsd-rc@freebsd.org>, deyan.dyankov@gmail.com
Subject: Re: New feature exec_afterstart
Message-ID: <1149638754.7125.8.camel@localhost>
In-Reply-To: <448604F0.9070406@erdgeist.org>
References: <448604F0.9070406@erdgeist.org>
[-- Attachment #1 --]
On Wed, 2006-06-07 at 00:42 +0200, Dirk Engling wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello,
>
> while incorporating some of the jail options grouping stuff into
> /etc/rc.d/jail I noticed the introduction of a new feature called
> "exec_afterstart".
>
> This has not been discussed here on list but yet was introduced in 1.34
> and is going to be MFCed somewhere around soon.
>
> When googling around I found this:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=97697
>
> I do not see, what this approach yields that cannot simply be
> accomplished by a second jail on the same jailroot/IP-combination,
> correct me, if I am wrong. Further I can not see, what /bin/sh
> introduces in terms of system (in)security that will not happen to you
> if you have syscalls.

The /bin/sh thing seemed debatable to me but I didn't investigate
enough to ask for backout.

> The patch introduces the same ugly enumeration style that already sucks
> in the ifconfig rc script and should be deprecated. Correct me, if I am
> wrong.
>
> So I'd strongly vote to not to MFC but rather remove this feature.

It still can be discussed now.

> Btw.: Where do these kinds of discussions normally take place? I mean
> before things are committed.

Here and in gnats. See conf and rc PRs.

PS: Matteo and submitter CC'ed.

-- 
Florent Thoumie
flz@FreeBSD.org
FreeBSD Committer

[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (FreeBSD)

iD8DBQBEhhhiMxEkbVFH3PQRAmByAKCQLEG8xG3cNbub8thqAg9MoAKuVQCbBT2f
TnvEnZX0z9SWf+TMukAiwu4=
=Ioq3
-----END PGP SIGNATURE-----
