From: "Chad Leigh -- Shire.Net LLC"
Date: Tue, 11 May 2004 23:46:43 -0600
To: freebsd-questions@freebsd.org
Subject: Re: read only system file systems for jail

On May 11, 2004, at 11:31 PM, Chad Leigh -- Shire.Net LLC wrote:

> Hi All
>
> I am playing around on 5.2-CURRENT and am setting up a system to run
> various programs inside of jails. Including allowing the users to ssh
> in etc.
>
> Is there a fundamental problem of having the following all be
> read-only file systems, with the noted exceptions?
>
> /bin
> /sbin
> /libexec
> /lib
> /usr
> /var
>
> note: /usr/local would not be readonly and /var/tmp would not be
> readonly
>

Sorry, the whole /var is not readonly. Sorry, I misread my notes...

Chad

> It seems to work in my test jails but I was wondering about hidden
> problems or non obvious problems.
>
> note that users are not allowed root privilege and hence are not
> installing stuff into any of these hierarchies and no /usr/ports
>
> Thanks
> Chad