Date: Tue, 1 Feb 2005 12:09:21 +0300 (MSK) From: Dmitry Morozovsky <marck@rinet.ru> To: delphij@delphij.net Cc: mtm@freebsd.org Subject: Re: Idea about "skeleton jail" Message-ID: <20050201120621.W90636@woozle.rinet.ru> In-Reply-To: <1107178792.613.22.camel@spirit> References: <1107178792.613.22.camel@spirit>
next in thread | previous in thread | raw e-mail | index | archive | help
Dear Xin, On Mon, 31 Jan 2005, Xin LI wrote: XL> What I am going to proposal is a concept that I call it "skeleton jail", XL> or "skeljail" for short. A skel jail is something that shares most base XL> system binaries/libraries with the host, through read-only mount_null's. [snip] XL> I have some handcrafted shell scripts to implement skeljail by having XL> everything automatically mounted/dismounted. However, I think it might XL> be better if we can have jail_<name>_skeljail="YES" switch in our jail XL> rc.d(8) startup script. Please let me know if you are interested in the XL> idea and I'll post a patch for review if there's enough people that XL> wants this. I wrote some scripts for very similar process (however, I used one mount to null mount jail's /usr, and move/symlinked /bin and /sbin to /usr/Rbin and /usr/Rsbin, with /usr/local, /usr/home and /usrX11R6 linked out to jail root) I'm very interested in your patchset, at least for comparing with our (and for learning, or course! ;-) Thanks! Sincerely, D.Marck [DM5020, MCK-RIPE, DM3-RIPN] ------------------------------------------------------------------------ *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru *** ------------------------------------------------------------------------
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050201120621.W90636>