From owner-freebsd-questions@FreeBSD.ORG Tue Jul 20 23:38:23 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 23CAF1065674 for ; Tue, 20 Jul 2010 23:38:23 +0000 (UTC) (envelope-from glen.j.barber@gmail.com) Received: from mail-vw0-f54.google.com (mail-vw0-f54.google.com [209.85.212.54]) by mx1.freebsd.org (Postfix) with ESMTP id C21588FC14 for ; Tue, 20 Jul 2010 23:38:22 +0000 (UTC) Received: by vws19 with SMTP id 19so8278624vws.13 for ; Tue, 20 Jul 2010 16:38:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=cGFQdo0q/HApmvpVNSahY3K4ipCbJm2J1g1XP51+6x0=; b=NHMTjtnhC9+PDVxyJm4xj7NRQttaaNmILiD+N/YMYfdqPacnSJoEGBEHdBDSOYPQLM aZCUtHsFjLbZ2rLgKfPO51AsjGXkbLPrq/TCE+Jjc6uwLjo3PlwHRUp4fqr5WhYH1ahu JqbMLpVplPVyrrNUywjAEace/O/tkbwca6hYo= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; b=EYMN4WCZO0I0egEQPJiwHsFFvFUdJO8U2S9zaQjuaoS7lRUFuIrtBa1QghcAsgsP3L BBKP3Gvg9eFzrsu6hX2bybJZJFyr0DFjUW+N3tJrc843lTkFz5SYFj33xRRw32GFtXII QwC46PBtiDnGDaZzIP1fDX4lh0j3aatSKU2g8= Received: by 10.220.62.136 with SMTP id x8mr3911061vch.175.1279669100193; Tue, 20 Jul 2010 16:38:20 -0700 (PDT) Received: from schism.local (c-71-230-240-241.hsd1.pa.comcast.net [71.230.240.241]) by mx.google.com with ESMTPS id v11sm17312802vbb.11.2010.07.20.16.38.17 (version=SSLv3 cipher=RC4-MD5); Tue, 20 Jul 2010 16:38:18 -0700 (PDT) Message-ID: <4C463368.7000405@gmail.com> Date: Tue, 20 Jul 2010 19:38:16 -0400 From: Glen Barber User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.7) Gecko/20100713 Thunderbird/3.1.1 MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: Recommend ezjail.conf settings? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Jul 2010 23:38:23 -0000 Hi Ed, On 7/20/10 12:54 PM, Ed Flecko wrote: > Hi folks, > I'm looking at the ezjail.conf file, and it seems like SOME of the > settings might be mandatory, but they're all commented out. > > For example, the: > > # ezjail_mount_enable="YES" Uncommenting and setting to NO would disable mounting the /basejail, read-only bits. > # ezjail_devfs_enable="YES" > # ezjail_devfs_ruleset="devfsrules_jail" If you have specific devfs needs for the jail, you can enable a special rule. Have a look at devfs(8) and devfs.conf(5) if you need to modify this, though you probably won't need to. > # ezjail_procfs_enable="YES" Disabling this will disable procfs(5). I recommend this one if you don't need procfs(5). > # ezjail_fdescfs_enable="YES" > Similarly to procfs above. I haven't found any reason to disable this. > should be uncommented because they're "Default options for newly > created jails", right? > Correct, they are enabled by default, and show the default value. > Are there any of the other settings I might want to consider enabling? > Depends on what your usage needs are. :) Regards, -- Glen Barber