Date: Wed, 17 May 2000 16:45:19 -0400
From: Dan Harnett <danh@wzrd.com>
To: "Jacques A . Vidrine" <n@nectar.com>
Cc: freebsd-security@freebsd.org
Subject: Re: Jail: Problems? Proper Usage? Status? Practicality?
Message-ID: <20000517164519.A79630@mail.wzrd.com>
In-Reply-To: <20000517152621.A48218@bone.nectar.com>; from n@nectar.com on Wed, May 17, 2000 at 03:26:21PM -0500
References: <20000517110758.C6884@bone.nectar.com> <Pine.NEB.3.96L.1000517123129.20229D-100000@fledge.watson.org> <20000517152621.A48218@bone.nectar.com>

Hello,

On Wed, May 17, 2000 at 03:26:21PM -0500, Jacques A . Vidrine wrote:
> On Wed, May 17, 2000 at 12:41:49PM -0400, Robert Watson wrote:
> > Simple, but costly. Imagine for a moment that you have 700 jails on a
> > single machine, and you'd like to be able to consistently announce to all
> > admins of all jails that a version upgrade is taking place on 5/16/2000,
> > and the downtime is one hour :-). I'd rather have a single file system
> > exported to all jails, saving space and time.
>
> For a jail running apache+php+ssl (a fairly complex application), I
> have ~3.4 MB of files from the base system (35 files). This isn't
> very large. One need only store the file once per filesystem (hard
> links).

Isn't there a downside to that as well? Unless the files are read-only,
if one jail should get compromised any common shared files could actually
lead to holes in the remaining jails. An example being a modified sshd or
telnetd.

--
Dan Harnett
Wizard Communication Systems, Inc.
Email: danh@wzrd.com
Phone: (716) 743-0091
2 Main Street
Tonawanda, NY 14150

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
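
An added example, not part of the original message or thread: a Python audit that finds regular files hard-linked into more than one jail root and reports those that are neither flagged immutable nor on a read-only mount, followed by a constructed demo of the shared-inode effect the message describes. The jail_a/jail_b layout, the function names and the placeholder sshd file are assumptions made for illustration.

```python
import os
import stat
import tempfile
from collections import defaultdict

IMMUTABLE = stat.SF_IMMUTABLE | stat.UF_IMMUTABLE  # BSD schg / uchg file flags


def shared_inodes(jail_roots):
    """Return {(dev, inode): [paths]} for regular files hard-linked into 2+ jail roots."""
    seen = defaultdict(lambda: defaultdict(list))
    for root in jail_roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                st = os.lstat(path)
                if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                    seen[(st.st_dev, st.st_ino)][root].append(path)
    return {key: sorted(p for ps in jails.values() for p in ps)
            for key, jails in seen.items() if len(jails) > 1}


def audit(jail_roots):
    """List shared files that are neither flagged immutable nor on a read-only mount."""
    findings = []
    for _key, paths in sorted(shared_inodes(jail_roots).items()):
        st = os.lstat(paths[0])
        immutable = bool(getattr(st, "st_flags", 0) & IMMUTABLE)  # st_flags is BSD-only
        read_only_fs = bool(os.statvfs(paths[0]).f_flag & os.ST_RDONLY)
        if not (immutable or read_only_fs):
            # Mode bits are reported but not trusted: root inside a jail ignores them.
            findings.append({"paths": paths, "mode": oct(stat.S_IMODE(st.st_mode))})
    return findings


def demo():
    """Constructed layout: two jail roots sharing one hard-linked sshd placeholder."""
    base = tempfile.mkdtemp(prefix="jails-")
    roots = [os.path.join(base, name) for name in ("jail_a", "jail_b")]
    for root in roots:
        os.makedirs(os.path.join(root, "usr/sbin"))
    a, b = (os.path.join(root, "usr/sbin/sshd") for root in roots)
    with open(a, "w") as fh:
        fh.write("original\n")
    os.link(a, b)                      # stored once, visible in both jails
    with open(a, "w") as fh:           # a write made from inside jail_a ...
        fh.write("modified\n")
    with open(b) as fh:                # ... is what jail_b now reads
        return audit(roots), fh.read()
```

Calling audit() with the real jail root directories lists every shared file that still needs a read-only mount or an immutable flag.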