Date: Mon, 06 Aug 2007 11:49:13 +0200
From: Alexander Leidinger
To: Roman Divacky
Cc: emulation@freebsd.org, freebsd-jail@freebsd.org
Subject: Re: Is it safe to change compat.linux.osrelease inside a jail?
Message-ID: <20070806114913.vwjsryyko4kgo4g8@webmail.leidinger.net>
In-Reply-To: <20070806090422.GA47161@freebsd.org>

Quoting Roman Divacky (from Mon, 6 Aug 2007 11:04:22 +0200):

> On Mon, Aug 06, 2007 at 09:33:03AM +0200, Alexander Leidinger wrote:
>> Quoting Boris Samorodov (from Sat, 04 Aug 2007 00:00:35 +0400):
>>
>> >Hi!
>> >
>> >
>> >I'm porting some Fedora Core 6 applications. Since the FreeBSD
>> >package of a FC6 port should be built with non-default
>> >compat.linux.osrelease and pointyhat is using jails to create
>> >packages, here is the question at the Subject.
>> >
>> >I know it _may_ be changed (I've tried and succeeded). Can someone
>> >say that it's quite OK to do so (without bad effects to jail/host)?
>> >Sure I ask about -CURRENT.
>>
>> Roman did some work to make this a per-jail feature. I haven't seen
>> any obvious stuff in the code which would make using this a bad idea.
>> So: there are no known side-effects to use this in a jail.
>
> I didn't do anything.. this has always been per-jail attribute :)

Yes. Sorry for not being clear. You did the right work from the
beginning to make the sysctl per jail instead of making it a global
property of the system. And the feature which is protected by this
sysctl should be able to work correctly for the use case.

Hmmm... while I think about jails... wouldn't it be better from a
security perspective to have the list/queue/... which is behind the
use26 part be a per jail list/queue/...? It may be not an issue, but
can you verify that root in jail A can not do something (kill/...) /
get some info (even if it is just a PID of a linux process) from jail
B when both -current jails run in the non-default linuxulator? I ask
as I don't have time to look at it ATM.

Bye,
Alexander.

-- 
Q:	How can we get the Beatles to reunite for one more concert?
A:	With three more bullets.

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137