Date: Tue, 18 Feb 2014 12:30:32 +0800
From: Phil Regnauld
To: "A.J. 'Fonz' van Werven"
Subject: Re: Should I use jail?
Message-ID: <20140218043032.GD81705@macbook.bluepipe.net>
In-Reply-To: <20140217183927.GA6886@spectrum.skysmurf.nl>
Cc: freebsd-stable@freebsd.org

A.J. 'Fonz' van Werven (freebsd) writes:
>
> The problem with NIS (and by extension NFS) is rpcbind, which AFAIK cannot
> run in a jail.

I've never tried, and I see a number of older PRs about this.

> What do you know: what was intended as a smartass comment that I almost
> refrained from sending in the first place actually elicited a useful
> response. Thank you very much for the suggestion, I'll look into that. :)

> The main question would be which /dev entry provides (write) access to the
> system clock, if that even goes through a /dev entry to begin with. A
> quick look through /usr/src/sys didn't turn up anything.

As pointed out, unless ntpd is sampling a PPS, you don't need a device.

But apart from running ntpd within chroot, I don't think it's possible as
adjtime won't allow jailed processes to set the clock (and there is no
override for that).

Ok, so the advice wasn't so useful after all - sorry!

Cheers,
Phil