Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 5 Mar 2004 11:35:48 -0500 (EST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Pawel Jakub Dawidek <pjd@FreeBSD.org>
Cc:        current@FreeBSD.org
Subject:   Re: HEADS UP: rcNG scripts inside a jail.
Message-ID:  <Pine.NEB.3.96L.1040305111125.68046C-100000@fledge.watson.org>
In-Reply-To: <20040305102543.GJ10864@darkness.comp.waw.pl>

next in thread | previous in thread | raw e-mail | index | archive | help

On Fri, 5 Mar 2004, Pawel Jakub Dawidek wrote:

> I'm going to mark scripts below as not usable inside jail.
> If anyone is using one of those scripts inside a jail and it works,
> now is the right time to start screaming.
> 
> 	abi

This one has some function in jail, but not complete function.
Specifically:

(1) It can't load the kernel modules
(2) It can do the ldconfig

Maybe this should be split into two scripts, or otherwise indiciated.

> 	devd

Technically speaking, this could be run in a jail, but I agree it
currently is unlikely to (and since devd can't run multiple instances, it
would cause suffering if it tried).

> And here is the list of scripts that I've no idea if they should be
> available inside a jail or not:
> 
> 	bootparams
> 	kdc
> 	kerberos
> 	keyserv
> 	kpasswdd
> 	mrouted
> 	rarpd
> 	route6d
> 	routed
> 	rpcbind
> 	rwho

I've never tried running Kerberos in a jail, but assuming it didn't mind
the IP address munging, I see no reason not to allow it.  In fact, you
might argue that that could be a desirable configuration.

By default, we don't expose BPF in jail, so rarpd, et al, probably won't
run happily.  However, it's something we might want to consider at some
point.

mrouted can't run in a jail because it can't manipulate the kernel routing
state.

rpcbind probably is useful since there's no reason we couldn't run
userspace RPC applications in a jail.

The other routed pieces (4 and 6) we can do without.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Senior Research Scientist, McAfee Research



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1040305111125.68046C-100000>