From owner-freebsd-arch@FreeBSD.ORG  Fri Feb 27 07:27:42 2004
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: freebsd-arch@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9D3E716A4CF
	for <freebsd-arch@freebsd.org>; Fri, 27 Feb 2004 07:27:42 -0800 (PST)
Received: from darkness.comp.waw.pl (unknown [195.117.238.236])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CE87543D3F
	for <freebsd-arch@freebsd.org>; Fri, 27 Feb 2004 07:27:41 -0800 (PST)
	(envelope-from pjd@darkness.comp.waw.pl)
Received: by darkness.comp.waw.pl (Postfix, from userid 1009)
	id 08B2EACE1F; Fri, 27 Feb 2004 16:27:40 +0100 (CET)
Date: Fri, 27 Feb 2004 16:27:40 +0100
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: freebsd-arch@freebsd.org
Message-ID: <20040227152739.GG5720@darkness.comp.waw.pl>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="sl5MdczEF/OU2Miu"
Content-Disposition: inline
User-Agent: Mutt/1.4.2i
X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc
X-OS: FreeBSD 5.2.1-RC2 i386
Subject: rcNG and jail.
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussion related to FreeBSD architecture
	<freebsd-arch.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Feb 2004 15:27:42 -0000


--sl5MdczEF/OU2Miu
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hello.

I've some proof-of-concept patch to teach rcNG about jail.
This will allow using starting scripts without any hacks.

It works in this way:

We're able now to check if we are in jail or not by getting value of
sysctl security.jail.jailed. By default scripts are available inside
jail, if script does not make sens in jail it should be marked by
setting "injail" variable to "no" inside it.
Script can still be started when prefix 'force' is used.

I'm not sure if this is "the right way", maybe we should provide
some sort of script flags to define things like this?

	http://people.freebsd.org/~pjd/patches/rc_jail.patch

--=20
Pawel Jakub Dawidek                       http://www.FreeBSD.org
pjd@FreeBSD.org                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!

--sl5MdczEF/OU2Miu
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAP2HrForvXbEpPzQRAqNVAKCGPjZBY6tXndmtk4Ds8gza9TDyBgCgqzfK
Mvm/Q5TbYFe1IO9L1kxbnPE=
=xDfr
-----END PGP SIGNATURE-----

--sl5MdczEF/OU2Miu--