Date:      Thu, 16 May 2002 19:44:41 +0300
From:      Peter Pentchev <roam@ringlet.net>
To:        Attila Nagy <bra@fsn.hu>
Cc:        freebsd-hackers@FreeBSD.org
Subject:   Re: reboot your own jail ?
Message-ID:  <20020516194441.J349@straylight.oblivion.bg>
In-Reply-To: <Pine.LNX.4.44.0205161756580.26003-100000@scribble.fsn.hu>; from bra@fsn.hu on Thu, May 16, 2002 at 05:58:42PM +0200
References:  <20020516003127.I17484-100000@utility.clubscholarship.com> <20020516144159.C349@straylight.oblivion.bg> <Pine.LNX.4.44.0205161348501.26003-100000@scribble.fsn.hu> <20020516162219.E45898@mail.webmonster.de> <20020516180414.H349@straylight.oblivion.bg> <Pine.LNX.4.44.0205161706340.26003-100000@scribble.fsn.hu> <20020516184326.I349@straylight.oblivion.bg> <Pine.LNX.4.44.0205161756580.26003-100000@scribble.fsn.hu>

On Thu, May 16, 2002 at 05:58:42PM +0200, Attila Nagy wrote:
> Hello,
>
> > Yes, for your particular kind of jail :)  And as a matter of fact, most
> > things could be started like that, indeed..  Seems I need to really wake
> > up and start thinking, and think myself away from the 'default' concept
> > of starting a full-fledged /bin/sh /etc/rc jail.
> Why would a /bin/sh be needed for a nameserver? For helping crackers' life?
> :)
> I don't really like /bin/sh /etc/rc jails. And if I can, I often do jails
> on the 127/8 subnet with a simple redirect for that particular port. This
> also helps prevent the cracker from connecting out from that jail.

Yes, this is indeed a very reasonable strategy for running jails.
However, all of this has kind of strayed from the original discussion;
that was why I said 'forget I said anything about supervise' :)

This whole discussion started after I mistakenly decided that
all jails are /bin/sh /etc/rc jails, and that the /etc/rc part
keeps running for as long as the jail is alive; this alone would
be the situation when supervising a jail would help 'rebooting'
the jail (shutting down all processes).  Since my basic premise
was wrong, supervise cannot be used to reboot a whole jail
(kill all the processes running within), I humbly apologize for
the wasted traffic :)

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
What would this sentence be like if pi were 3?
