Date: Fri, 20 Feb 2009 20:23:13 +0100 From: "Simon L. Nielsen" <simon@FreeBSD.org> To: d@delphij.net Cc: freebsd-jail@FreeBSD.org, FreeBSD Current <freebsd-current@freebsd.org>, freebsd-rc@FreeBSD.org Subject: Re: [RFC] Skeleton jail (rc.d feature proposal) Message-ID: <20090220192312.GD1064@arthur.nitro.dk> In-Reply-To: <499244E6.9030205@delphij.net> References: <499244E6.9030205@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2009.02.10 19:24:22 -0800, Xin LI wrote: > Ok, some local users has prodded me in committing the "skeleton jail" > feature, I find it useful myself but not sure if it's appropriate to > commit it against -HEAD, so I'd like to explain it, try to present it in This complicates an already complicated etc/rc.d/jail script so I think this is a very bad idea. rc.d/jail is already interesting enough security wise as it is IMO. If anyone wants this very much think it should be done in an "external" (to etc/rc.d/jail) jail management system/script. Personally I have been very happy with ezjail, and I think having a script like that "externally" is a much better way to go. If that means importing ezjail or making something like it I don't know. -- Simon L. Nielsen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090220192312.GD1064>