From owner-freebsd-jail@FreeBSD.ORG Mon Feb 16 11:06:54 2009
From: FreeBSD bugmaster
To: freebsd-jail@FreeBSD.org
Date: Mon, 16 Feb 2009 11:06:53 GMT
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org
Message-Id: <200902161106.n1GB6rhG096170@freefall.freebsd.org>

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid
o bin/32828    jail       [jail] w(1) incorrectly handles stale utmp slots with

3 problems total.

From owner-freebsd-jail@FreeBSD.ORG Mon Feb 16 20:55:13 2009
From: Anders Hagman
To: freebsd-jail@freebsd.org
Date: Mon, 16 Feb 2009 21:54:58 +0100
Subject: Re: BIND in jail problem
Message-ID: <4999D2A2.4000107@netplex.se>
In-Reply-To: <499733EC.3040706@netplex.se>

Hi, responding to my own mail with a solution:

If you spell resolv right, and not reslov, everything works.

[root@ippbx1 ~]# mv /etc/reslov.conf /etc/resolv.conf
[root@ippbx1 ~]# host ippbx1
ippbx1.kalmar.se has address 172.16.101.3

Working with bash helps you spell. ;->

> Hi
>
> I'm trying to use BIND inside a jail and have passed the chroot
> problem and have a running named without chroot.
>
> The problem is that the jail does not have the address 127.0.0.1 or does
> not use the info in resolv.conf.
>
> When I use the host command I get:
>
> [root@ippbx1 ~]# host ippbx1
> ;; reply from unexpected source: 172.16.101.3#53, expected 127.0.0.1#53
>
> /etc/resolv.conf
> domain kalmar.se
> search kalmar.se
> nameserver 127.0.0.1
>
> tcpdump:
> 21:33:49.569332 IP (tos 0x0, ttl 64, id 31390, offset 0, flags [none],
> proto UDP (17), length 52) 172.16.101.3.62278 > 172.16.101.3.53: 28477+
> A? ippbx1. (24)
>
> 21:33:49.569890 IP (tos 0x0, ttl 64, id 31393, offset 0, flags [none],
> proto UDP (17), length 52) 172.16.101.3.53 > 172.16.101.3.62278: 28477
> ServFail 0/0/0 (24
>
> As you can see the destination address is 172.16.101.3 despite the name
> server address in resolv.conf. The host command does not add the domain
> as it should and sends the query as "A? ippbx1" instead of "A?
> ippbx1.kalmar.se". The host command expects to get an answer from
> 127.0.0.1.
>
> Changing the nameserver address in resolv.conf to 172.16.101.3 does not
> change anything. Using the FQDN does not help because it's still the
> wrong expected address. The only thing that works is: host
> ippbx1.kalmar.se 172.16.101.3.
>
> Using ping gives a different picture:
>
> [root@ippbx1 ~]# ping ippbx1
> ping: cannot resolve ippbx1: Host name lookup failure
>
> /etc/resolv.conf
> domain kalmar.se
> search kalmar.se
> nameserver 172.16.101.3
>
>
> tcpdump:
> 21:47:39.143152 IP (tos 0x0, ttl 64, id 31817, offset 0, flags [none],
> proto UDP (17), length 62) 172.16.101.3.60878 > 127.0.0.1.53: 35805+ A?
> ippbx1.kalmar.se. (34)
> 21:47:39.143165 IP (tos 0x0, ttl 64, id 31818, offset 0, flags [none],
> proto ICMP (1), length 56) 127.0.0.1 > 172.16.101.3: ICMP 127.0.0.1 udp
> port 53 unreachable, length 36
>
>
> ping does add the domain to the query but does not read the address from
> resolv.conf and sends the query to 127.0.0.1. And 127.0.0.1 is the host
> 0 machine and does not run BIND.
>
>
> uname -a
> FreeBSD ippbx1.kalmar.se 7.1-RELEASE FreeBSD 7.1-RELEASE #0
> named -v
> BIND 9.4.2-P2
>
> named.conf:
> zone "kalmar.se" { type master; file "master/kalmar"; };
> zone "101.16.172.in-addr.arpa" { type master; file "master/kalmar.rev"; };
>
> zone file kalmar:
>
> $TTL 3h
> @ SOA ippbx1.kalmar.se. root.ippbx1.kalmar.se. 42 1d 12h 1w 3h
> ; Serial, Refresh, Retry, Expire, Neg. cache TTL
>
> IN NS ippbx1.kalmar.se.
> ippbx1 IN A 172.16.101.3
>
> zone file kalmar.rev:
>
> $TTL 3h
> @ SOA ippbx1.kalmar.se. root.ippbx1.kalmar.se. 42 1d 12h 1w 3h
> ; Serial, Refresh, Retry, Expire, Neg. cache TTL
> IN NS ippbx1.kalmar.se.
> 3 IN PTR ippbx1.kalmar.se.
>
>
> Why do I want to run BIND inside a jail? Well, I'm building an IP-PBX lab
> and want to run six autonomous jails with DNS, DHCP, NTP and asterisk
> inside.
> DHCP and Asterisk work but DNS is vital for the lab.
>
> BR
> Anders H

From owner-freebsd-jail@FreeBSD.ORG Wed Feb 18 03:48:20 2009
From: linimon@FreeBSD.org
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-jail@FreeBSD.org
Date: Wed, 18 Feb 2009 03:48:20 GMT
Subject: Re: bin/131800: [jail] rpcbind(8) fails to start in jail
Message-Id: <200902180348.n1I3mK8b048715@freefall.freebsd.org>

Old Synopsis: rpcbind fails to start in jail
New Synopsis: [jail] rpcbind(8) fails to start in jail

Responsible-Changed-From-To: freebsd-bugs->freebsd-jail
Responsible-Changed-By: linimon
Responsible-Changed-When: Wed Feb 18 03:47:51 UTC 2009
Responsible-Changed-Why:
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=131800

From owner-freebsd-jail@FreeBSD.ORG Wed Feb 18 10:30:03 2009
From: "Bjoern A. Zeeb"
To: freebsd-jail@FreeBSD.org
Date: Wed, 18 Feb 2009 10:30:03 GMT
Subject: Re: bin/131800: [jail] rpcbind(8) fails to start in jail
Message-Id: <200902181030.n1IAU30H092167@freefall.freebsd.org>

The following reply was made to PR bin/131800; it has been noted by GNATS.

From: "Bjoern A. Zeeb"
To: bug-followup@FreeBSD.org, rob@debank.tv
Cc:
Subject: Re: bin/131800: [jail] rpcbind(8) fails to start in jail
Date: Wed, 18 Feb 2009 10:23:02 +0000 (UTC)

 Hi,

 this jail behaviour will soon change again so that opening an IPv6 socket
 will be possible w/o the IP, though this currently matches the behavior
 of the base system.

 The problem here seems to be that (without looking at the code)
 rpcbind is not checking return codes properly.

 /bz

 --
 Bjoern A. Zeeb
 The greatest risk is not taking one.

From owner-freebsd-jail@FreeBSD.ORG Fri Feb 20 01:16:31 2009
From: Xin LI
Organization: The FreeBSD Project
To: "Bjoern A. Zeeb"
Cc: freebsd-rc@FreeBSD.org, freebsd-jail@freebsd.org, d@delphij.net, FreeBSD Current
Date: Thu, 19 Feb 2009 17:16:19 -0800
Subject: Re: [RFC] Skeleton jail (rc.d feature proposal)
Message-ID: <499E0463.2070608@delphij.net>
In-Reply-To: <20090212122419.Q53478@maildrop.int.zabbadoz.net>

Hi, Bjoern,

Bjoern A. Zeeb wrote:
[...]
> I do not have the following two on most/any of my machines:
>
>> usr/src
>> usr/obj

I agree.

> The correct way to do this I think would leave rc.d/jail untouched and
> (pre-)populate an /etc/fstab. and use that.

I do not think this is a very good approach for this use case.

Making it an rc.conf option enables the following tasks as a one-liner
change:
 - Enabling/Disabling skeleton jail (how will the system perform if I
   have the template directories read-only?);
 - Switching template root (what will happen if switch from 7.1 userland
   to 7.2 userland?);
 - Change mount points within all jails.

I do admit that all these can be done with scripts though.

Cheers,
--
Xin LI http://www.delphij.net/
FreeBSD - The Power to Serve!

From owner-freebsd-jail@FreeBSD.ORG Fri Feb 20 02:20:11 2009
From: "Chao Shin"
Organization: GeekCN
To: d@delphij.net, "Bjoern A. Zeeb"
Cc: freebsd-jail@freebsd.org, freebsd-rc@freebsd.org, FreeBSD Current
Date: Fri, 20 Feb 2009 10:20:01 +0800
Subject: Re: [RFC] Skeleton jail (rc.d feature proposal)
In-Reply-To: <499E0463.2070608@delphij.net>

On Fri, 20 Feb 2009 09:16:19 +0800, Xin LI wrote:

> Hi, Bjoern,
>
> Bjoern A. Zeeb wrote:
> [...]
>> I do not have the following two on most/any of my machines:
>>
>>> usr/src
>>> usr/obj
>
> I agree.
>
>> The correct way to do this I think would leave rc.d/jail untouched and
>> (pre-)populate an /etc/fstab. and use that.
>
> I do not think this is a very good approach for this use case.
>
> Making it an rc.conf option enables the following tasks as a one-liner
> change:
> - Enabling/Disabling skeleton jail (how will the system perform if I
> have the template directories read-only?);
> - Switching template root (what will happen if switch from 7.1 userland
> to 7.2 userland?);
> - Change mount points within all jails.
>
> I do admit that all these can be done with scripts though.
>
> Cheers,
> --
> Xin LI http://www.delphij.net/
> FreeBSD - The Power to Serve!

I think I like Li Xin's way. I have set up a jail host in my company with
Li Xin's patch; it didn't change the usage of the original jail system, it
just adds a make target in /usr/src/Makefile, and I can use skeleton jail
and original jail in one jail host. They have not much difference in
rc.conf; if I want skeleton, I just add two options with normal settings.
It is a compatible way with the original design.

quakelee
--
The Power to Serve

From owner-freebsd-jail@FreeBSD.ORG Fri Feb 20 19:23:15 2009
From: "Simon L. Nielsen"
To: d@delphij.net
Cc: freebsd-jail@FreeBSD.org, FreeBSD Current, freebsd-rc@FreeBSD.org
Date: Fri, 20 Feb 2009 20:23:13 +0100
Subject: Re: [RFC] Skeleton jail (rc.d feature proposal)
Message-ID: <20090220192312.GD1064@arthur.nitro.dk>
In-Reply-To: <499244E6.9030205@delphij.net>

On 2009.02.10 19:24:22 -0800, Xin LI wrote:

> Ok, some local users have prodded me into committing the "skeleton jail"
> feature, I find it useful myself but not sure if it's appropriate to
> commit it against -HEAD, so I'd like to explain it, try to present it in

This complicates an already complicated etc/rc.d/jail script so I
think this is a very bad idea. rc.d/jail is already interesting
enough security-wise as it is IMO.

If anyone wants this very much, I think it should be done in an "external"
(to etc/rc.d/jail) jail management system/script.

Personally I have been very happy with ezjail, and I think having a
script like that "externally" is a much better way to go. If that
means importing ezjail or making something like it I don't know.

--
Simon L. Nielsen
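
Added example for the "BIND in jail problem" thread above (not part of any poster's message or of FreeBSD itself): per resolver(5), a missing resolv.conf, or one with no nameserver lines, makes the stub resolver query the local host, so a file saved as reslov.conf is silently ignored. The function names below are hypothetical; the script reports the nameservers that will actually be used for a given etc directory and flags file names that are a letter transposition of resolv.conf.

```shell
#!/bin/sh
# Added example: preflight check for a jail's resolver configuration.
# All function names are hypothetical helpers, not part of any FreeBSD tool.

# sorted_chars STRING: print the characters of STRING in sorted order, so
# two names made of the same letters in a different order compare equal.
sorted_chars() {
    printf '%s\n' "$1" | fold -w 1 | sort | tr -d '\n'
}

# effective_nameservers ETC_DIR: print one nameserver per line.
# A missing file, or a file without "nameserver" lines, yields the
# documented default of the local host (127.0.0.1).
effective_nameservers() {
    en_conf="$1/resolv.conf"
    en_servers=""
    if [ -r "$en_conf" ]; then
        en_servers=$(awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$en_conf")
    fi
    if [ -z "$en_servers" ]; then
        echo "127.0.0.1"
    else
        printf '%s\n' "$en_servers"
    fi
}

# lookalike_configs ETC_DIR: print names of regular files whose letters are
# a rearrangement of "resolv.conf" (for example reslov.conf).
lookalike_configs() {
    lc_want=$(sorted_chars "resolv.conf")
    for lc_f in "$1"/*; do
        [ -f "$lc_f" ] || continue
        lc_name=${lc_f##*/}
        if [ "$lc_name" != "resolv.conf" ] &&
           [ "$(sorted_chars "$lc_name")" = "$lc_want" ]; then
            echo "$lc_name"
        fi
    done
    return 0
}

# check_resolver_config ETC_DIR: print findings, return 1 if the directory
# has no readable resolv.conf or contains a misspelled look-alike.
check_resolver_config() {
    rc_status=0
    if [ ! -r "$1/resolv.conf" ]; then
        echo "WARN: $1/resolv.conf missing, resolver defaults to 127.0.0.1" >&2
        rc_status=1
    fi
    rc_bad=$(lookalike_configs "$1")
    if [ -n "$rc_bad" ]; then
        echo "WARN: possible misspelled resolver config: $rc_bad" >&2
        rc_status=1
    fi
    echo "effective nameservers: $(effective_nameservers "$1" | tr '\n' ' ')"
    return $rc_status
}

# Stand-alone use: sh check_resolver.sh /path/to/jail/etc
if [ $# -gt 0 ]; then
    check_resolver_config "$1"
fi
```

Run it against the jail's etc directory from the host, or against /etc inside the jail, before debugging named itself.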