Date: Sun, 9 Feb 2014 13:03:16 +0100 From: =?iso-8859-2?Q?Edward_Tomasz_Napiera=B3a?= <trasz@FreeBSD.org> To: James Gritton <jamie@freebsd.org> Cc: src-committers@FreeBSD.org, Doug Ambrisko <ambrisko@ambrisko.com>, svn-src-all@FreeBSD.org, Gleb Smirnoff <glebius@FreeBSD.org>, "Robert N. M. Watson" <rwatson@FreeBSD.org>, svn-src-head@FreeBSD.org, Alexander Leidinger <Alexander@Leidinger.net>, Julian Elischer <julian@freebsd.org> Subject: Re: svn commit: r261266 - in head: sys/dev/drm sys/kern sys/sys usr.sbin/jail Message-ID: <67AD08A6-BFB3-487A-B401-4AD180F4CF79@FreeBSD.org> In-Reply-To: <52F0EFE8.7030105@freebsd.org> References: <201401291341.s0TDfDcB068211@svn.freebsd.org> <20140129134344.GW66160@FreeBSD.org> <52E906CD.9050202@freebsd.org> <20140129222210.0000711f@unknown> <alpine.BSF.2.00.1401311231490.36707@fledge.watson.org> <20140131223011.0000163b@unknown> <52EC4DBB.50804@freebsd.org> <20140203235336.GA46006@ambrisko.com> <6AF2ADA6-8BAD-4875-8B15-A859B41DDCC0@FreeBSD.org> <52F0E9E9.2080402@freebsd.org> <52F0EFE8.7030105@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Wiadomo=B6=E6 napisana przez James Gritton w dniu 4 lut 2014, o godz. = 14:49: > On 2/4/2014 6:23 AM, Julian Elischer wrote: >> On 2/4/14, 3:40 PM, Robert N. M. Watson wrote: >>> On 3 Feb 2014, at 23:53, Doug Ambrisko <ambrisko@ambrisko.com> = wrote: >>>=20 >>>> It's unfortunate that vimage requires jail. I want to use vimage = but >>>> not have the security restrictions of a jail. To do this I patched >>>> jail to basically let everything through. It would be nice to be >>>> able to run jail in an insecure mode which I understand is a = contradition. >>>> I do use the jail infrastructure to set the uname*/getosreldate so >>>> that a specific jail thinks it is FreeBSD version blah. Then I can = ssh >>>> into that jail and pkg_add things, make ports etc. I use this on >>>> my laptop running current on the base. My other jails run various >>>> versions of FreeBSD. I don't care about security in this case. >>=20 >> vimage was not originally tied to jails. I can't remember why we = decided to do that :-) >=20 > Leaving the smiley aside for the present, I remember that one - and > it's closely tied to this discussion. It was part of this more > flexible vision of jails that had added features, of which security > was just one (optional) part. I thought of them as a more general > encapsulation framework as needs would arise. Just for the record, that's the exact same reason I didn't invent yet = another encapsulation mechanism for RCTL - the idea was to use jails when you = need any kind of nested hierarchy. --=20 If you cut off my head, what would I say? Me and my head, or me and my = body?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?67AD08A6-BFB3-487A-B401-4AD180F4CF79>