Date: Fri, 27 Aug 2004 12:34:03 -0700
From: Mark Foster <mark@foster.cc>
To: ports@freebsd.org
Subject: Re: Ports and jails
Message-ID: <20040827193403.GD11124@riddler.dyndns.org>
In-Reply-To: <802707E1-F826-11D8-AC6A-00039312D914@fillmore-labs.com>
References: <389B57D2-F815-11D8-81CD-00039357DA00@ifom-ieo-campus.it> <802707E1-F826-11D8-AC6A-00039312D914@fillmore-labs.com>

On Fri, Aug 27, 2004 at 02:42:04PM +0200, Oliver Eikemeier wrote:
> Alessandro Dellavedova wrote:
>
> >In our infrastructure we use some daemons (bind, dhcp, openldap) that
> >must run into a jail for security reasons.. do you think that having a
> >keyword JAILED=YES in the Makefiles of ports would be useful ?
>
> openldap could be run without opening a TCP/IP socket (by using UNIX
> domain sockets), bind chrooted as a non-privileged user and dhcpd often
> needs to listen to more than one interface (and not to externally
> reachable ones), so a jail is not always a "must".
>
> >Something like make install PREFIX=/path/to/jail JAILED=YES will be
> >difficult to implement ?
>
> jails are complete subsystems, so you could either compile the port
> inside the jail, or use a package building system and install it by
> pkg_add(1). Installing from a port into a jail is not really supported,
> and I don't see any necessity to do so.
>

I'll bet he meant chroot() like bind9 takes with -t

--
Some days it's just not worth chewing through the restraints...
Mark D. Foster, CISSP <mark@foster.cc> http://mark.foster.cc/