Date:      Mon, 11 Apr 2005 15:11:42 +0200
From:      Emanuel Strobl <emanuel.strobl@gmx.net>
To:        freebsd-questions@freebsd.org
Cc:        "albi@scii.nl" <albi@scii.nl>
Subject:   Re: restricting "fat jails"
Message-ID:  <200504111511.54639@harrymail>
In-Reply-To: <20050408151825.21604186.albi@scii.nl>
References:  <20050408151825.21604186.albi@scii.nl>

On Friday, 8 April 2005 15:18, albi@scii.nl wrote:
> i was wondering exactly which files in /dev/ can be removed in a jail ?

If we're talking about FreeBSD 5.x none, since it's devfs. You can control
which devices are in a jail by creating jail_NAME_devfs_ruleset.

> and i thought of a dirty approach of restricting building a jail by
> removed the parts in /usr/obj/ that you don't want, but i bet that make
> installworld is gonna complain about, is there a way around ?

There's make.conf, especially lines like:
#NO_ACPI=        true    # do not build acpiconf(8) and related programs
#NO_BOOT=        true    # do not build boot blocks and loader
NO_CVS=          true    # do not build CVS
#NO_CXX=         true    # do not build C++ and friends
NO_BLUETOOTH=    true    # do not build Bluetooth related stuff
#NO_DYNAMICROOT= true    # do not link /bin and /sbin dynamically
NO_FORTRAN=      true    # do not build g77 and related libraries
#NO_GDB=         true    # do not build GDB
NO_I4B=          true    # do not build isdn4bsd package
NO_IPFILTER=     true    # do not build IP Filter package
NO_PF=           true    # do not build PF firewall package
NO_AUTHPF=       true    # do not build and install authpf (setuid/gid)
....

-Harry


> (perhaps something else than make -i installworld)




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200504111511.54639>
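
The devfs ruleset approach mentioned in the reply, as an added example that is not part of the original message. The jail name "www", the ruleset name devfsrules_jail_www and the ruleset number 10 are assumptions chosen for illustration; the three included rulesets are the stock ones defined in /etc/defaults/devfs.rules.

```conf
# --- /etc/devfs.rules (constructed example) ---
# Start from an empty /dev and unhide only what a jail normally needs.
[devfsrules_jail_www=10]
add include $devfsrules_hide_all       # hide every device node first
add include $devfsrules_unhide_basic   # null, zero, random, stdin/stdout/stderr, ...
add include $devfsrules_unhide_login   # ptys and ttys for interactive logins
# Nothing else is unhidden, so nodes such as mem, kmem, bpf* and the
# disk devices never appear inside the jail.

# --- /etc/rc.conf (constructed example) ---
# Mount devfs in the jail and apply the ruleset above to it.
jail_www_devfs_enable="YES"
jail_www_devfs_ruleset="devfsrules_jail_www"

# To inspect the loaded rules from the host:
#   devfs rule -s 10 show
```

Listing /dev from inside the running jail shows exactly which nodes the ruleset exposes.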