From owner-freebsd-questions@FreeBSD.ORG Mon Sep 22 06:37:30 2008
Date: Mon, 22 Sep 2008 13:41:55 +0700 (ICT)
Message-Id: <200809220641.m8M6ftoQ009956@banyan.cs.ait.ac.th>
From: Olivier Nicole
To: fmatthew5876@gmail.com
In-reply-to: <3eca10930809212301t207b6d08p26eb27294350227a@mail.gmail.com> (fmatthew5876@gmail.com)
References: <3eca10930809212301t207b6d08p26eb27294350227a@mail.gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Shared /usr in jails

> Aesthetics and philosophy aside, are there any real security holes in just
> using the system's /usr everywhere if it is mounted read only in the jails?
> This seems to be the approach used by Solaris zones.

Usually a jail /usr is almost empty. You would prefer to have the very
strict minimum of things inside a jail.

Olivier