From owner-freebsd-hackers@FreeBSD.ORG Tue Feb 1 09:09:42 2005
Date: Tue, 1 Feb 2005 12:09:21 +0300 (MSK)
From: Dmitry Morozovsky
To: delphij@delphij.net
cc: freebsd-hackers@freebsd.org
cc: mtm@freebsd.org
Subject: Re: Idea about "skeleton jail"
In-Reply-To: <1107178792.613.22.camel@spirit>
Message-ID: <20050201120621.W90636@woozle.rinet.ru>
References: <1107178792.613.22.camel@spirit>

Dear Xin,

On Mon, 31 Jan 2005, Xin LI wrote:

XL> What I am going to propose is a concept that I call "skeleton jail",
XL> or "skeljail" for short. A skel jail is something that shares most base
XL> system binaries/libraries with the host, through read-only mount_null's.

[snip]

XL> I have some handcrafted shell scripts to implement skeljail by having
XL> everything automatically mounted/dismounted. However, I think it might
XL> be better if we can have jail__skeljail="YES" switch in our jail
XL> rc.d(8) startup script. Please let me know if you are interested in the
XL> idea and I'll post a patch for review if there's enough people that
XL> want this.

I wrote some scripts for a very similar process (however, I used one mount to
null mount the jail's /usr, and moved/symlinked /bin and /sbin to /usr/Rbin and
/usr/Rsbin, with /usr/local, /usr/home and /usr/X11R6 linked out to the jail
root).

I'm very interested in your patchset, at least for comparing with ours (and
for learning, of course! ;-)

Thanks!

Sincerely,
D.Marck                                     [DM5020, MCK-RIPE, DM3-RIPN]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
------------------------------------------------------------------------
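
Added example, not part of the original message and not either author's scripts: a sketch of the read-only null-mount layout discussed above, emitted as fstab(5) lines, plus an audit that flags any null mount under a jail root that was left writable. The directory list, the function names, the /jails/www path and the sample mount table are assumptions, and the fstab type is written as nullfs, the FreeBSD 5 and later name for the thread's mount_null.

```shell
#!/bin/sh
# Host directories shared into the jail. This list is an assumption; the
# thread only says "most base system binaries/libraries".
SKEL_DIRS="/bin /sbin /lib /libexec /usr"

# skel_fstab JAILROOT
# Print one fstab(5) line per shared directory: a read-only nullfs mount of
# the host directory onto the same path inside the jail.
skel_fstab() {
    jailroot=${1%/}
    for d in $SKEL_DIRS; do
        printf '%s %s%s nullfs ro 0 0\n' "$d" "$jailroot" "$d"
    done
}

# audit_skel JAILROOT
# Read fstab-format lines on stdin (for example the output of `mount -p`)
# and print every nullfs mount point under JAILROOT whose option list does
# not contain "ro". Returns 1 if any writable mount was found, else 0.
audit_skel() {
    jailroot=${1%/}
    awk -v root="$jailroot" '
        $3 == "nullfs" && index($2, root "/") == 1 {
            n = split($4, opt, ",")
            ro = 0
            for (i = 1; i <= n; i++) if (opt[i] == "ro") ro = 1
            if (!ro) { print $2; bad = 1 }
        }
        END { exit bad ? 1 : 0 }
    '
}

# Constructed sample in fstab format: the www jail's /usr was left writable,
# so a process in that jail could modify binaries shared with the host.
sample_mounts() {
    cat <<'EOF'
/dev/ad0s1a / ufs rw 1 1
/bin /jails/www/bin nullfs ro 0 0
/usr /jails/www/usr nullfs rw 0 0
/usr /jails/db/usr nullfs rw 0 0
EOF
}
```

On a live host the audit would be fed from `mount -p`, for example `mount -p | audit_skel /jails/www`.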