Date: Thu, 16 May 2002 19:44:41 +0300
From: Peter Pentchev
To: Attila Nagy
Cc: freebsd-hackers@FreeBSD.org
Subject: Re: reboot your own jail ?
Message-ID: <20020516194441.J349@straylight.oblivion.bg>

On Thu, May 16, 2002 at 05:58:42PM +0200, Attila Nagy wrote:
> Hello,
>
> > Yes, for your particular kind of jail :) And as a matter of fact, most
> > things could be started like that, indeed.. Seems I need to really wake
> > up and start thinking, and think myself away from the 'default' concept
> > of starting a full-fledged /bin/sh /etc/rc jail.
>
> Why would a /bin/sh be needed for a nameserver? For helping crackers' life?
> :)
> I don't really like /bin/sh /etc/rc jails. And if I can, I often do jails
> on the 127/8 subnet with a simple redirect for that particular port. This
> also helps preventing the cracker to connect out from that jail.

Yes, this is indeed a very reasonable strategy for running jails.
However, all of this has kind of strayed from the original discussion;
that was why I said 'forget I said anything about supervise' :)

This whole discussion started after I mistakenly decided that all jails
are /bin/sh /etc/rc jails, and that the /etc/rc part keeps running for
as long as the jail is alive; this alone would be the situation when
supervising a jail would help 'rebooting' the jail (shutting down all
processes). Since my basic premise was wrong, supervise cannot be used
to reboot a whole jail (kill all the processes running within), I humbly
apologize for the wasted traffic :)

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
What would this sentence be like if pi were 3?