Date: Fri, 27 Aug 2004 14:42:04 +0200 From: Oliver Eikemeier <eikemeier@fillmore-labs.com> To: Alessandro Dellavedova <alessandro.dellavedova@ifom-ieo-campus.it> Cc: ports@freebsd.org Subject: Re: Ports and jails Message-ID: <802707E1-F826-11D8-AC6A-00039312D914@fillmore-labs.com> In-Reply-To: <389B57D2-F815-11D8-81CD-00039357DA00@ifom-ieo-campus.it>
next in thread | previous in thread | raw e-mail | index | archive | help
Alessandro Dellavedova wrote: > In our infrastructure we use some daemons (bind, dhcp, openldap) that > must run into a jail for security reasons.. do you think that having a > keyword JAILED=YES in the Makefiles of ports would be useful ? openldap could be run without opening a TCP/IP socket (by using UNIX domain sockets), bind chrooted as a non-priviledged user and dhcpd often needs to listen to more than one interface (and not to externally reachable ones), so a jail is not always a "must". > Something like make install PREFIX=/path/to/jail JAILED=YES will be > difficult to implement ? jails are complete subsystems, so you could either compile the port inside the jail, or use a package building system and install it by pkg_add(1). Installing from a port into a jail is not really supported, and I don't see any necessity to do so. -Oliver
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?802707E1-F826-11D8-AC6A-00039312D914>