Date: Thu, 16 May 2002 18:43:26 +0300 From: Peter Pentchev <roam@ringlet.net> To: Attila Nagy <bra@fsn.hu> Cc: freebsd-hackers@FreeBSD.org Subject: Re: reboot your own jail ? Message-ID: <20020516184326.I349@straylight.oblivion.bg> In-Reply-To: <Pine.LNX.4.44.0205161706340.26003-100000@scribble.fsn.hu>; from bra@fsn.hu on Thu, May 16, 2002 at 05:10:06PM %2B0200 References: <20020516003127.I17484-100000@utility.clubscholarship.com> <20020516144159.C349@straylight.oblivion.bg> <Pine.LNX.4.44.0205161348501.26003-100000@scribble.fsn.hu> <20020516162219.E45898@mail.webmonster.de> <20020516180414.H349@straylight.oblivion.bg> <Pine.LNX.4.44.0205161706340.26003-100000@scribble.fsn.hu>
next in thread | previous in thread | raw e-mail | index | archive | help
--mhOzvPhkurUs4vA9 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, May 16, 2002 at 05:10:06PM +0200, Attila Nagy wrote: > Hello, >=20 > > Okay, forget I said anything about supervise; it does not seem to be > > applicable for jails at all :( > Why? >=20 > ns# cat /var/service/ns.XXX.hu/run > #!/bin/sh >=20 > exec /usr/sbin/jail /data/jail/ns.XXX.hu ns.XXX.hu 192.168.2.2 \ > /usr/local/sbin/chrootuid / bind /usr/local/sbin/named -c \ > /etc/bind/named.conf -f >=20 > In /data/jail/ns.XXX.hu there is only a single, statically linked named > binary, and the config files. named runs on a high port (>1024), so I can > start as the bind user. In front of the machine there is a packet filter, > which does NAT. >=20 > It is perfectly working with daemontools/supervise :) Yes, for your particular kind of jail :) And as a matter of fact, most things could be started like that, indeed.. Seems I need to really wake up and start thinking, and think myself away from the 'default' concept of starting a full-fledged /bin/sh /etc/rc jail. G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This would easier understand fewer had omitted. --mhOzvPhkurUs4vA9 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE849Oe7Ri2jRYZRVMRAmmkAJwIU4XW+nIC7e9Ac+pejGl7h8ddkQCgqGiR OxxpePI67SFR+jSS+4vyx8o= =ZwFu -----END PGP SIGNATURE----- --mhOzvPhkurUs4vA9-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020516184326.I349>