Date: Wed, 27 Feb 2013 09:30:56 +0100
From: Andreas Nilsson <andrnils@gmail.com>
To: Jamie Gritton <jamie@freebsd.org>
Cc: freebsd-jail <jail@freebsd.org>
Subject: Re: vnet jails and rc-scripts
Message-ID: <CAPS9%2BSs50cJgyzUBLwBK%2BYdzfZQN5pNa0H-D9BdLa2xGt8uqFw@mail.gmail.com>
In-Reply-To: <512D8F3C.4000000@FreeBSD.org>
References: <CAPS9%2BSu7HtMjgTJTZr5fwaDUbQVHPBjBini2g%2B60AbJHkUe9MA@mail.gmail.com> <13CA24D6AB415D428143D44749F57D7201EADE8B@ltcfiswmsgmb21> <CAPS9%2BSueNAEBCZWYW%2BeE8sbHgrbdJoYa2b0QaQz9FOCmqzofJw@mail.gmail.com> <512D8F3C.4000000@FreeBSD.org>

On Wed, Feb 27, 2013 at 5:44 AM, Jamie Gritton <jamie@freebsd.org> wrote:

> On 02/26/13 01:56, Andreas Nilsson wrote:
>
>> However I still don't get the purpose of the security.jail.param.*. Are
>> they to be set in loader.conf/sysctl.conf to influence default config of
>> jails, or are they supposed to be per-jail (from inside jail) carriers of
>> config? The PR seems to indicate it's not really clear.
>>
>> Also, man jail says:
>> "The current set of available parameters can be
>> retrieved via ``sysctl -d security.jail.param''. Any parameters not set
>> will be given default values, often based on the current environment.
>> The core parameters are:
>> "
>> and then lists some. For example jid. I take that to mean that the value
>> of security.jail.param.jid from inside jail should return the jid of the
>> jail. I just get 0. And security.jail.param.path is 1024, which is not at
>> all the path of the jail... There seems to be quite a discrepancy between
>> manpage and implementation.
>
> The bit that the man page says is in fact the entire (user-visible) use
> for those sysctls: they're just there to show what parameters are
> available, and what types they are. Actually, they also show jail(8) the
> same thing, and that's how it knows what parameters exist.

Ok. I'm feeling a bit daft here, from within a jail do they say "these parameters can be set" or "those parameters have been set"?

> But the parameters don't actually have any useful values. Only their
> types, sizes and descriptions are valid.
>
> - Jamie

Ok, somewhat disappointing ;) Is there an ongoing effort to teach rc and friends about the difference between jails and vnet jails? Or is it deemed a security problem that a jail knows the "circumstances of its conception"?

Best regards
Andreas