Date: Fri, 5 Mar 2004 11:35:48 -0500 (EST)
From: Robert Watson <rwatson@FreeBSD.org>
To: Pawel Jakub Dawidek <pjd@FreeBSD.org>
Cc: current@FreeBSD.org
Subject: Re: HEADS UP: rcNG scripts inside a jail.
Message-ID: <Pine.NEB.3.96L.1040305111125.68046C-100000@fledge.watson.org>
In-Reply-To: <20040305102543.GJ10864@darkness.comp.waw.pl>

On Fri, 5 Mar 2004, Pawel Jakub Dawidek wrote:

> I'm going to mark scripts below as not usable inside jail.
> If anyone is using one of those scripts inside a jail and it works,
> now is the right time to start screaming.
>
> abi

This one has some function in jail, but not complete function.
Specifically:

(1) It can't load the kernel modules
(2) It can do the ldconfig

Maybe this should be split into two scripts, or otherwise indicated.

> devd

Technically speaking, this could be run in a jail, but I agree it currently
is unlikely to (and since devd can't run multiple instances, it would cause
suffering if it tried).

> And here is the list of scripts that I've no idea if they should be
> available inside a jail or not:
>
> bootparams
> kdc
> kerberos
> keyserv
> kpasswdd
> mrouted
> rarpd
> route6d
> routed
> rpcbind
> rwho

I've never tried running Kerberos in a jail, but assuming it didn't mind
the IP address munging, I see no reason not to allow it. In fact, you
might argue that that could be a desirable configuration.

By default, we don't expose BPF in jail, so rarpd, et al, probably won't
run happily. However, it's something we might want to consider at some
point.

mrouted can't run in a jail because it can't manipulate the kernel routing
state.

rpcbind probably is useful since there's no reason we couldn't run
userspace RPC applications in a jail.

The other routed pieces (4 and 6) we can do without.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Senior Research Scientist, McAfee Research