From nobody Mon Feb 7 13:42:53 2022 X-Original-To: questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id B94C319A539C for ; Mon, 7 Feb 2022 13:43:06 +0000 (UTC) (envelope-from freebsd@boosten.org) Received: from smtpq6.tb.mail.iss.as9143.net (smtpq6.tb.mail.iss.as9143.net [212.54.42.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4JsnQd4KvBz4tXD for ; Mon, 7 Feb 2022 13:43:05 +0000 (UTC) (envelope-from freebsd@boosten.org) Received: from [212.54.42.107] (helo=smtp3.tb.mail.iss.as9143.net) by smtpq6.tb.mail.iss.as9143.net with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nH4IE-00035Z-CE for questions@freebsd.org; Mon, 07 Feb 2022 14:42:58 +0100 Received: from smtp.boosten.org ([84.25.247.31]) by smtp3.tb.mail.iss.as9143.net with ESMTP id H4IEngnh8LG10H4IEn9jL5; Mon, 07 Feb 2022 14:42:58 +0100 X-Env-Mailfrom: freebsd@boosten.org X-Env-Rcptto: questions@freebsd.org X-SourceIP: 84.25.247.31 X-CNFS-Analysis: v=2.4 cv=S9HKfagP c=1 sm=1 tr=0 ts=620121e2 cx=a_exe a=JWBJsaPp29SgP5DpYRBqZw==:117 a=JWBJsaPp29SgP5DpYRBqZw==:17 a=IkcTkHD0fZMA:10 a=oGFeUVbbRNcA:10 a=xLIdy5D-8O3XVsCpbNMA:9 a=QEXdDO2ut3YA:10 Received: from mailserver.boosten.org (localhost [127.0.0.1]) by smtp.boosten.org (Postfix) with ESMTP id 8F13450E9F for ; Mon, 7 Feb 2022 14:42:57 +0100 (CET) X-Virus-Scanned: amavisd-new at boosten.org Received: from [131.155.68.210] (dyn068210.nbw.tue.nl [131.155.68.210]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp.boosten.org (Postfix) with ESMTPSA id C5BD950ED8 for ; Mon, 7 Feb 2022 14:42:55 +0100 (CET) DKIM-Filter: OpenDKIM Filter v2.10.3 smtp.boosten.org C5BD950ED8 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=boosten.org; s=myselector; t=1644241375; bh=+YlSpqcsfUm9l3mS8F53A2QMpvHhbxbeLzu1debry/I=; h=Date:Subject:To:References:From:In-Reply-To:From; b=HCf027rp8QtMXOg5GA+TgbGQfxfXKS1tZowwyA71b8hZ5TxMUbLpm9idNG1la9Lqd HXRXq55aHgWM8rvlCyc5KyIVh5JjVRCImFMbGH+unwpNep66r0jZcKRkKrvNan9OSb i1rk7iN2ziZOJuaJqZHb2GI99g1AdM6uLiP4A+OL6kPca3IbJmnudZ7vEBHZ5BijFX C9lGxDJgA+T1R0nTscf1vInI34yhDTJHqlsbAXIB1xxWnxFLaMNGo1Ji8OcfQwDZf3 t4TVF8GyPvN//sHu75bm8MTtMo8vBfqAoFnu6jZoKLga+TUmEbWT/FbYJKi9FghmyI uIdMZFnE5gkIw== Message-ID: Date: Mon, 7 Feb 2022 14:42:53 +0100 List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.4.1 Subject: Re: Jail, and specifically iocage, best practices Content-Language: en-US To: questions@freebsd.org References: <20220206131729.d383fcb179754014704cb70f@sohara.org> <7a79d682-5d73-858a-526c-c8c0d3956a9d@safeport.com> <62002020.5010501@gmail.com> From: Peter Boosten In-Reply-To: <62002020.5010501@gmail.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-CMAE-Envelope: MS4xfJIDtffW9c9XREufmhqnqSRLL9qRfgX3EUpB30ebASDcl3XO/TrshHEDSS2nGstvNsz3ly0RTdqChVJtrNSRADkv4GdVYJwRbtpkh1bbfdk3qBUAkyGO 40oCYzePJTJFDtiStgiZ8etrIf6mAHsuMu7pEQUXRZfMpR67qS4ZwRhUKnqC2aC/bn0MJfOw02niEQ== X-Rspamd-Queue-Id: 4JsnQd4KvBz4tXD X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=boosten.org header.s=myselector header.b=HCf027rp; dmarc=pass (policy=reject) header.from=boosten.org; spf=pass (mx1.freebsd.org: domain of freebsd@boosten.org designates 212.54.42.169 as permitted sender) smtp.mailfrom=freebsd@boosten.org X-Spamd-Result: default: False [-2.09 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:212.54.32.0/19]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[boosten.org:+]; DMARC_POLICY_ALLOW(-0.50)[boosten.org,reject]; NEURAL_HAM_SHORT(-0.99)[-0.994]; RCVD_IN_DNSWL_LOW(-0.10)[212.54.42.169:from]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RECEIVED_SPAMHAUS_PBL(0.00)[131.155.68.210:received,84.25.247.31:received]; RCVD_TLS_LAST(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; ASN(0.00)[asn:33915, ipnet:212.54.32.0/20, country:NL]; ARC_NA(0.00)[]; RCVD_COUNT_FIVE(0.00)[5]; R_DKIM_ALLOW(-0.20)[boosten.org:s=myselector]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[questions@freebsd.org]; NEURAL_SPAM_MEDIUM(1.00)[1.000]; RCPT_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[212.54.42.107:received]; MLMMJ_DEST(0.00)[questions]; RWL_MAILSPIKE_POSSIBLE(0.00)[212.54.42.169:from] X-ThisMailContainsUnwantedMimeParts: N On 06/02/2022 20:23, Ernie Luzar wrote: > > ezjail is obsolete because it uses the original jail options in the > rc.conf and not the jail.conf as now. > use a mix: I maintain (creating, updating, destroying) the jails with ezjail, however use jail.conf for setting options. Once you get the hang of that, it's quite easy (running 15 jails currently) > -- Peter It never hurts to help