From owner-freebsd-questions@freebsd.org Fri Feb 2 18:08:01 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4E844EE740C for ; Fri, 2 Feb 2018 18:08:01 +0000 (UTC) (envelope-from wblock@wonkity.com) Received: from wonkity.com (wonkity.com [67.158.26.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "wonkity.com", Issuer "wonkity.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id D1BA978220 for ; Fri, 2 Feb 2018 18:08:00 +0000 (UTC) (envelope-from wblock@wonkity.com) Received: from wonkity.com (localhost [127.0.0.1]) by wonkity.com (8.15.2/8.15.2) with ESMTPS id w12I7xKf063289 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 2 Feb 2018 11:07:59 -0700 (MST) (envelope-from wblock@wonkity.com) Received: from localhost (wblock@localhost) by wonkity.com (8.15.2/8.15.2/Submit) with ESMTP id w12I7xRj063286; Fri, 2 Feb 2018 11:07:59 -0700 (MST) (envelope-from wblock@wonkity.com) Date: Fri, 2 Feb 2018 11:07:59 -0700 (MST) From: Warren Block To: Valeri Galtsev cc: Steve Pointer , freebsd-questions@freebsd.org Subject: Re: Jails, ping, and now DNS In-Reply-To: <47ca7d96-dd74-f041-f3fd-daed4c696dae@kicp.uchicago.edu> Message-ID: References: <737005a0c3e97d8d1e9306eb52471f89.squirrel@webmail.harte-lyne.ca> <5A74875F.9080901@gmail.com> <1517588082.2117241.1257377040.499E7DC3@webmail.messagingengine.com> <47ca7d96-dd74-f041-f3fd-daed4c696dae@kicp.uchicago.edu> User-Agent: Alpine 2.21 (BSF 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (wonkity.com [127.0.0.1]); Fri, 02 Feb 2018 11:07:59 -0700 (MST) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Feb 2018 18:08:01 -0000 On Fri, 2 Feb 2018, Valeri Galtsev wrote: > I don't think HandBook suggests ezjail is "the best method"? And it is not my > book. It can be recommended if keeps up with doing configuration the modern > way, and it should be discouraged if it stays with deprecated way. But in my > book doing jails "by the book", that is: creation jail environment without > using any scripts put out by someone. That was the first thing about how to > set up jails I learned from FreeBSD Handbook. The second thing I learned was > one can use something like ezjail... but as usually we realize that will > deprive your flexibility. I don't think HandBook ever insisted on ezjail to > be a "preferred method". > > Am I missing something? No, that's correct. We needed a section on jail management that was reasonably up to date and showed best practices, and there wasn't one. So I picked ezjail as the most popular jail management framework and wrote that section for the Handbook. Interestingly, a famous FreeBSD person said to me at BSDCan in the last couple of years that we ought to delete everything but the ezjail section from the Jails chapter, as most of it is so old.