Date:      Mon, 06 Aug 2007 11:49:13 +0200
From:      Alexander Leidinger <Alexander@Leidinger.net>
To:        Roman Divacky <rdivacky@freebsd.org>
Cc:        emulation@freebsd.org, freebsd-jail@freebsd.org
Subject:   Re: Is it safe to change compat.linux.osrelease inside a jail?
Message-ID:  <20070806114913.vwjsryyko4kgo4g8@webmail.leidinger.net>
In-Reply-To: <20070806090422.GA47161@freebsd.org>
References:  <45722684@bsam.ru> <20070806093303.axopv21aw0ckowco@webmail.leidinger.net> <20070806090422.GA47161@freebsd.org>

Quoting Roman Divacky <rdivacky@freebsd.org> (from Mon, 6 Aug 2007
11:04:22 +0200):

> On Mon, Aug 06, 2007 at 09:33:03AM +0200, Alexander Leidinger wrote:
>> Quoting Boris Samorodov <bsam@ipt.ru> (from Sat, 04 Aug 2007 00:00:35
>> +0400):
>>
>> >Hi!
>> >
>> >
>> >I'm porting some Fedora Core 6 applications. Since the FreeBSD
>> >package of a FC6 port should be built with non-default
>> >compat.linux.osrelease and pointyhat is using jails to create
>> >packages, here is the question at the Subject.
>> >
>> >I know it _may_ be changed (I've tried and succeeded). Can someone
>> >say that it's quite OK to do so (without bad effects to jail/host)?
>> >Sure I ask about -CURRENT.
>>
>> Roman did some work to make this a per-jail feature. I haven't seen
>> any obvious stuff in the code which would make using this a bad idea.
>> So: there are no known side-effects to use this in a jail.
>
> I didn't do anything.. this has always been per-jail attribute :)

Yes. Sorry for not being clear. You did the right work from the
beginning to make the sysctl per jail instead of making it a global
property of the system. And the feature which is protected by this
sysctl should be able to work correctly for the use case.

Hmmm... while I think about jails... wouldn't it be better from a
security perspective to have the list/queue/... which is behind the
use26 part be a per jail list/queue/...? It may be not an issue, but
can you verify that root in jail A can not do something (kill/...) /
get some info (even if it is just a PID of a linux process) from jail
B when both -current jails run in the non-default linuxulator? I ask
as I don't have time to look at it ATM.

Bye,
Alexander.

-- 
Q:	How can we get the Beatles to reunite for one more concert?
A:	With three more bullets.

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137


