Date: Fri, 30 Mar 2018 20:09:18 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 226931] Deprecating jail(2) and related sysctls
Message-ID: <bug-226931-13-NaEx0F6mFd@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-226931-13@https.bugs.freebsd.org/bugzilla/>
References: <bug-226931-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226931

--- Comment #8 from Jamie Gritton <jamie@FreeBSD.org> ---
(In reply to Bryan Drewery from comment #7)

True, when you're jailed the current jail isn't JID 0. It is in fact an
unknown jid, which is a difficult thing to specify. JID 0, as much as it
exists, is the base system i.e. the "where I am now" view when you are not
jailed, which is reasonably similar to asking for the "where I am now" view
when you are jailed. But that's a separate issue.

> IMHO removing them (and not even setting read-only for a release or two)
> violates POLA and may break a lot of other scripts.

Which is the reason it was suggested to put it inside BURN_BRIDGES, which would
affect very few systems. It would make sense to reduce it to read-only first
and then remove it entirely later, but there seems to be one good switch
(BURN_BRIDGES) making it difficult to have an option somewhere between where we
are now and where I want to go.

Another option is to change where I want to go, and just make read-only the end
goal. I don't consider this the optimal end result, but it may be the POLA
alternative.

Nonetheless, I am hoping to see an exp-run with the sysctls removed entirely,
so I can gauge just how widespread their use is.

-- 
You are receiving this mail because:
You are on the CC list for the bug.