From owner-svn-src-head@FreeBSD.ORG Sun Feb 9 12:03:22 2014 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3E74FF40; Sun, 9 Feb 2014 12:03:22 +0000 (UTC) Received: from mail-ea0-x231.google.com (mail-ea0-x231.google.com [IPv6:2a00:1450:4013:c01::231]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id D17851FEE; Sun, 9 Feb 2014 12:03:20 +0000 (UTC) Received: by mail-ea0-f177.google.com with SMTP id n15so2428363ead.8 for ; Sun, 09 Feb 2014 04:03:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=OC7eYr4YdN4JTElj0Hn6QCeBwFWASii4XEoTwp4kp3A=; b=puSeKDpjsUzaUKDxHz1dPhNqmjFbrMorEXL4pk48VYqd+2EV1LZ98J9E86o/5Smi0i 2DvvHKyW7w2ORrLF86kTMxQHyU9AvQZhzqx/jo/8UQZ5zObxkIyFfmW2VuwyTinpW2SL /eyVerlFlJY3QeCJEW+eKiEchNZmctGlhHjR6rgIvD5cQWsjRrIe1UOXFl14eBi4O0wG D8274XVX/eNVqhGaT+nv6h4U0lcjh5uwtgRM2kJJrT6HQIFcpBLGbWpgYfngT4CGd2v0 yQ2ByxYhY9K0LSrpPeRS+C31bnPnjoYsPR4GcPvlnkRtXUFKS78aufLjPPK94sxmR7MY z5aw== X-Received: by 10.15.107.77 with SMTP id ca53mr2749545eeb.59.1391947399346; Sun, 09 Feb 2014 04:03:19 -0800 (PST) Received: from strashydlo.home (adfl20.neoplus.adsl.tpnet.pl. [79.184.115.20]) by mx.google.com with ESMTPSA id o45sm27226511eeb.18.2014.02.09.04.03.17 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 09 Feb 2014 04:03:18 -0800 (PST) Sender: =?UTF-8?Q?Edward_Tomasz_Napiera=C5=82a?= Subject: Re: svn commit: r261266 - in head: sys/dev/drm sys/kern sys/sys usr.sbin/jail Mime-Version: 1.0 (Apple Message framework v1283) Content-Type: text/plain; charset=iso-8859-2 From: =?iso-8859-2?Q?Edward_Tomasz_Napiera=B3a?= In-Reply-To: <52F0EFE8.7030105@freebsd.org> Date: Sun, 9 Feb 2014 13:03:16 +0100 Content-Transfer-Encoding: quoted-printable Message-Id: <67AD08A6-BFB3-487A-B401-4AD180F4CF79@FreeBSD.org> References: <201401291341.s0TDfDcB068211@svn.freebsd.org> <20140129134344.GW66160@FreeBSD.org> <52E906CD.9050202@freebsd.org> <20140129222210.0000711f@unknown> <20140131223011.0000163b@unknown> <52EC4DBB.50804@freebsd.org> <20140203235336.GA46006@ambrisko.com> <6AF2ADA6-8BAD-4875-8B15-A859B41DDCC0@FreeBSD.org> <52F0E9E9.2080402@freebsd.org> <52F0EFE8.7030105@freebsd.org> To: James Gritton X-Mailer: Apple Mail (2.1283) Cc: src-committers@FreeBSD.org, Doug Ambrisko , svn-src-all@FreeBSD.org, Gleb Smirnoff , "Robert N. M. Watson" , svn-src-head@FreeBSD.org, Alexander Leidinger , Julian Elischer X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 09 Feb 2014 12:03:22 -0000 Wiadomo=B6=E6 napisana przez James Gritton w dniu 4 lut 2014, o godz. = 14:49: > On 2/4/2014 6:23 AM, Julian Elischer wrote: >> On 2/4/14, 3:40 PM, Robert N. M. Watson wrote: >>> On 3 Feb 2014, at 23:53, Doug Ambrisko = wrote: >>>=20 >>>> It's unfortunate that vimage requires jail. I want to use vimage = but >>>> not have the security restrictions of a jail. To do this I patched >>>> jail to basically let everything through. It would be nice to be >>>> able to run jail in an insecure mode which I understand is a = contradition. >>>> I do use the jail infrastructure to set the uname*/getosreldate so >>>> that a specific jail thinks it is FreeBSD version blah. Then I can = ssh >>>> into that jail and pkg_add things, make ports etc. I use this on >>>> my laptop running current on the base. My other jails run various >>>> versions of FreeBSD. I don't care about security in this case. >>=20 >> vimage was not originally tied to jails. I can't remember why we = decided to do that :-) >=20 > Leaving the smiley aside for the present, I remember that one - and > it's closely tied to this discussion. It was part of this more > flexible vision of jails that had added features, of which security > was just one (optional) part. I thought of them as a more general > encapsulation framework as needs would arise. Just for the record, that's the exact same reason I didn't invent yet = another encapsulation mechanism for RCTL - the idea was to use jails when you = need any kind of nested hierarchy. --=20 If you cut off my head, what would I say? Me and my head, or me and my = body?