From: Emanuel Strobl
To: freebsd-questions@freebsd.org
Cc: "albi@scii.nl"
Date: Mon, 11 Apr 2005 15:11:42 +0200
Subject: Re: restricting "fat jails"

On Friday, 8 April 2005 15:18, albi@scii.nl wrote:
> i was wondering exactly which files in /dev/ can be removed in a jail ?

If we're talking about FreeBSD 5.x none, since it's devfs.
You can control which devices are in a jail by creating
jail_NAME_devfs_ruleset.

> and i thought of a dirty approach of restricting building a jail by
> removing the parts in /usr/obj/ that you don't want, but i bet that make
> installworld is gonna complain about, is there a way around ?

There's make.conf, especially lines like:

#NO_ACPI=        true    # do not build acpiconf(8) and related programs
#NO_BOOT=        true    # do not build boot blocks and loader
NO_CVS=          true    # do not build CVS
#NO_CXX=         true    # do not build C++ and friends
NO_BLUETOOTH=    true    # do not build Bluetooth related stuff
#NO_DYNAMICROOT= true    # do not link /bin and /sbin dynamically
NO_FORTRAN=      true    # do not build g77 and related libraries
#NO_GDB=         true    # do not build GDB
NO_I4B=          true    # do not build isdn4bsd package
NO_IPFILTER=     true    # do not build IP Filter package
NO_PF=           true    # do not build PF firewall package
NO_AUTHPF=       true    # do not build and install authpf (setuid/gid)
....

-Harry

> (perhaps something else than make -i installworld)
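
The jail_NAME_devfs_ruleset setting mentioned in the reply, shown as an added example that is not part of the original message: a custom devfs ruleset plus the rc.conf lines that apply it to a jail. The jail name "www", the ruleset name "devfsrules_www" and the ruleset number 10 are assumptions chosen for illustration; the included rulesets are the stock ones from /etc/defaults/devfs.rules.

```conf
# --- /etc/devfs.rules ---------------------------------------------------
# Hypothetical ruleset for a jail called "www". The number (10) only has
# to be unused; the stock rulesets in /etc/defaults/devfs.rules use 1-4.
[devfsrules_www=10]
# Start from nothing: hide every device node in the jail's /dev ...
add include $devfsrules_hide_all
# ... then unhide only the basics (null, zero, random, stdin/stdout/stderr, ...)
add include $devfsrules_unhide_basic
# ... and the nodes needed for logins (ptys, ttys). Leave this line out
# for a jail that never needs an interactive session.
add include $devfsrules_unhide_login
# Nothing else is unhidden, so disk, memory and bpf nodes stay invisible
# inside the jail even though the host's devfs has them.

# --- /etc/rc.conf (on the host) -----------------------------------------
jail_enable="YES"
jail_list="www"
# Mount a devfs inside the jail and restrict it with the ruleset above.
jail_www_devfs_enable="YES"
jail_www_devfs_ruleset="devfsrules_www"
# jail_www_rootdir, jail_www_hostname and jail_www_ip are also required;
# their values are site-specific and are not given in this thread.
```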