Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 20 Apr 2001 23:04:34 +0700
From:      Igor Podlesny <poige@morning.ru>
To:        kj <kj@indifference.org>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: jail upgrade
Message-ID:  <827788228.20010420230434@morning.ru>
In-Reply-To: <20010418184305.A18763@indifference.org>
References:  <20010418184305.A18763@indifference.org>
next in thread | previous in thread | raw e-mail | index | archive | help 


k> Hey, all.

k> I have two jails on my server.

k> When I do a make world on the actual OS, does it matter if I upgrade the
k> jails as well?
I don't think so... imho, jails run application software basically --
so, it's okay... nevertheless, nothing could really prevent you from
creating some script upgrading executables with keeping their jail's
original modes, I deem. (Just seeking through specified dirs and
comparing EXEs or just theirs sizes/mtimes)

k>  I have changed a lot of file/dir permissions and so on, and
k> would rather just leave the jail file systems alone. I am just wondering
k> if I don't upgrade the jails, would things start to break?

k> Thanks,

k> K.J.

p.s.  I  have  written  a patch to jail.c which allows starting a jail
with  symbolic  names instead of IP-addr in decimal dotten notation. I
do  keep /etc/hosts where symbolic names are being translated, so it's
rather comfortable to setup jails, and firewalls for them. Here it is:

18a19,25
> #include <sys/types.h>
> #include <sys/socket.h>
> #include <netinet/in.h>
> #include <arpa/inet.h>
> #include <netdb.h>
> #include <unistd.h>
> 
37,38c44,60
<       if (!i)
<               errx(1, "Couldn't make sense of ip-number\n");
---
>       if (!i) {
>               /* check if it is resolveable */
>               struct hostent *hp;
>               hp = gethostbyname(argv[3]);
>               if (!hp) {
>                       errx(1, "Couldn't make sense of the jail address\n");
>               }
>               else {
>                       char **p = hp->h_addr_list;
>                       if (p[1]) {
>                               errx(1, "Jail should have only one ip-address
> associated with\n");
>                       }
>                       else {
>                               memcpy(&in.s_addr, p[0], sizeof(in.s_addr));
>                       }
>               }
>       }


-- 
 Igor                            mailto:poige@morning.ru



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?827788228.20010420230434>