Date: Fri, 15 Dec 2000 15:55:04 -0500 (EST)
From: Rob Simmons
To: Peter Brezny
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: named, _sandbox_ and chroot?

A chrooted environment is a sandbox. There are two effective methods of creating a sandbox in FreeBSD. You can chroot a process, which changes the root directory that the process has access to, and you must provide all the resources/libraries/binaries that it would need inside of that directory. Another way is to create a jail, which is essentially a virtual machine running its own entire copy of FreeBSD. The details of doing this are very well laid out in the man page jail(8).

Robert Simmons
Systems Administrator
http://www.wlcg.com/

On Fri, 15 Dec 2000, Peter Brezny wrote:

> If you are running named in a sand box, is it advisable to run it in a
> chrooted environment as well?
>
> Why or why not?
>
> TIA
>
> Peter Brezny
> SysAdmin Services Inc.
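
The reply above notes that a chrooted process needs its binaries and libraries provided inside the new root. The following is an added example, not part of the original message: it copies a binary and the shared libraries reported by ldd(1) into a new root and then lists anything still missing. The function names `chroot_deps`, `chroot_populate` and `chroot_missing` are hypothetical, and configuration or data files the daemon opens at run time are not discovered by ldd and must be placed by hand.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not from the thread.

# Print the binary and every shared object that ldd(1) resolves to an
# absolute path. Run ldd only on binaries you trust.
chroot_deps() {
    echo "$1"
    { ldd "$1" 2>/dev/null || true; } |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }' |
        while read -r f; do
            # Drops header lines such as "/bin/sh:" that are not real files.
            if [ -f "$f" ]; then echo "$f"; fi
        done
}

# Copy the binary and its libraries into newroot under the same paths,
# so the dynamic linker finds them once "/" means newroot.
chroot_populate() {
    newroot=$1 bin=$2
    chroot_deps "$bin" | sort -u | while read -r f; do
        mkdir -p "$newroot$(dirname "$f")" &&
            cp "$f" "$newroot$f" || exit 1
    done
}

# List dependencies still absent under newroot (no output = complete).
chroot_missing() {
    newroot=$1 bin=$2
    chroot_deps "$bin" | sort -u | while read -r f; do
        if [ ! -f "$newroot$f" ]; then echo "$f"; fi
    done
}

# Usage: sh populate.sh /path/to/newroot /absolute/path/to/binary
if [ "$#" -eq 2 ]; then
    chroot_populate "$1" "$2" && chroot_missing "$1" "$2"
fi
```
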