Date: Thu, 26 Jul 2018 06:32:39 -0700 (PDT)
From: "Rodney W. Grimes" <freebsd@pdx.rh.CN85.dnsmgr.net>
To: Shawn Webb <shawn.webb@hardenedbsd.org>
Cc: Kyle Evans <kevans@freebsd.org>, src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: Re: svn commit: r336731 - projects/bectl/sbin/bectl
Message-ID: <201807261332.w6QDWdQI045745@pdx.rh.CN85.dnsmgr.net>
In-Reply-To: <20180726131959.qplqj62fkjzcfyid@mutt-hbsd>

-- Start of PGP signed section.
> On Thu, Jul 26, 2018 at 04:07:37AM +0000, Kyle Evans wrote:
> > Author: kevans
> > Date: Thu Jul 26 04:07:36 2018
> > New Revision: 336731
> > URL: https://svnweb.freebsd.org/changeset/base/336731
> >
> > Log:
> >   bectl(8): Redo jail using jail(3) API
> >
> >   The jail is created with allow.mount, allow.mount.devfs, and
> >   enforce_statfs=1. Upon creation, we immediately attach, chdir to "/", and
> >   drop the user into a shell inside the jail.
> >
> >   The default IP for this is arbitrarily 10.20.30.40.
>
> It seems this would only allow working in a single jailed BE at a
> time, correct?

Also it is just bad practice to use arbitrary IPs from rfc1918
space. IMHO it would be better to pick a rfc3927 link local
address, or one of the rfc5737 test network addresses.

Please see RFC5735 page 6, table in section 4,
no place in FreeBSD base system should we be shipping
stuff that uses rfc1918, that is private space that does
not belong to the OS.

> Thanks,
> Shawn Webb

Regards,
--
Rod Grimes                                                 rgrimes@freebsd.org
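
The address-range point raised in the reply above, as an added example that is not part of the original message or of bectl: a small C check that classifies a hard-coded default IPv4 address against the RFC 1918, RFC 3927 and RFC 5737 blocks. The function names `classify_ipv4` and `default_addr_ok` are hypothetical, and treating only link-local and test-network addresses as acceptable defaults is an assumption taken from the reply's suggestion.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Classes for the special-use blocks named in the reply. */
enum addr_class { ADDR_INVALID = -1, ADDR_OTHER, ADDR_RFC1918, ADDR_RFC3927, ADDR_RFC5737 };

struct block { uint32_t net; int prefixlen; enum addr_class cls; };

static const struct block blocks[] = {
    { 0x0A000000u,  8, ADDR_RFC1918 },  /* 10.0.0.0/8 private */
    { 0xAC100000u, 12, ADDR_RFC1918 },  /* 172.16.0.0/12 private */
    { 0xC0A80000u, 16, ADDR_RFC1918 },  /* 192.168.0.0/16 private */
    { 0xA9FE0000u, 16, ADDR_RFC3927 },  /* 169.254.0.0/16 link-local */
    { 0xC0000200u, 24, ADDR_RFC5737 },  /* 192.0.2.0/24 TEST-NET-1 */
    { 0xC6336400u, 24, ADDR_RFC5737 },  /* 198.51.100.0/24 TEST-NET-2 */
    { 0xCB007100u, 24, ADDR_RFC5737 },  /* 203.0.113.0/24 TEST-NET-3 */
};

/* Hypothetical helper: parse a dotted quad and match it against each prefix. */
enum addr_class classify_ipv4(const char *s)
{
    struct in_addr in;
    if (inet_pton(AF_INET, s, &in) != 1)
        return ADDR_INVALID;
    uint32_t ip = ntohl(in.s_addr);
    for (size_t i = 0; i < sizeof(blocks) / sizeof(blocks[0]); i++) {
        uint32_t mask = 0xFFFFFFFFu << (32 - blocks[i].prefixlen);
        if ((ip & mask) == blocks[i].net)
            return blocks[i].cls;
    }
    return ADDR_OTHER;
}

/* Assumed policy from the reply: a shipped default should be link-local
 * (RFC 3927) or a test network (RFC 5737), never RFC 1918 space. */
int default_addr_ok(const char *s)
{
    enum addr_class c = classify_ipv4(s);
    return c == ADDR_RFC3927 || c == ADDR_RFC5737;
}

int main(void)
{
    const char *samples[] = { "10.20.30.40", "169.254.30.40", "192.0.2.40" };
    for (size_t i = 0; i < 3; i++)
        printf("%-15s acceptable default: %s\n", samples[i],
               default_addr_ok(samples[i]) ? "yes" : "no");
    return 0;
}
```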