From owner-freebsd-questions@FreeBSD.ORG Sun Mar 23 03:03:42 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 742AF1065673 for ; Sun, 23 Mar 2008 03:03:42 +0000 (UTC) (envelope-from the.real.david.allen@gmail.com) Received: from rv-out-0910.google.com (rv-out-0910.google.com [209.85.198.189]) by mx1.freebsd.org (Postfix) with ESMTP id CBC4C8FC13 for ; Sun, 23 Mar 2008 03:03:41 +0000 (UTC) (envelope-from the.real.david.allen@gmail.com) Received: by rv-out-0910.google.com with SMTP id g13so1333098rvb.43 for ; Sat, 22 Mar 2008 20:03:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; bh=LRkTrUSGlyFxiydckIQo8S0ztpD8yqc/360VId08cTE=; b=MxZYDrqB+eRlfbuVy947l4TYa23UaZkvPZlYZEH2QsNX46g115mrwaY0t03DWWGi+VnqxNw8XPQeisHjotY778xQWqajinM/xR07tXINqXZrWl3VxQNmhbmQk/7QR2g7Mfya4Vkx8HmgcOw18/yASHPeCzN5DP330JKgk18motM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=message-id:date:from:to:subject:mime-version:content-type; b=Dkp752C8flifRDaZZEWUkAOuuzDeAKFLpLenirtAjL4W4svQdz+phf+a87xHi8tc+4+4jvFvQMSMjPFPTzMvpWaLHfkDLkE5AYdxNq73GhwqFlC9nC4l5kQrSZCEReibIYr1Nozkc367lnBshalKDMtvKxwZrVixfkO4vznjYro= Received: by 10.141.210.21 with SMTP id m21mr1799138rvq.14.1206239824805; Sat, 22 Mar 2008 19:37:04 -0700 (PDT) Received: by 10.141.153.21 with HTTP; Sat, 22 Mar 2008 19:37:04 -0700 (PDT) Message-ID: <2daa8b4e0803221937m7b1c2016h663ade8749272bde@mail.gmail.com> Date: Sat, 22 Mar 2008 19:37:04 -0700 From: "David Allen" To: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: A few jail questions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 Mar 2008 03:03:42 -0000 I've recently been examining the use of jails in FreeBSD, and I have some questions I hope someone can shed some light on with respect to running virtual servers in jails. 1. Upgrading. This probably a "It Depends" question, but if a host system is upgraded (within version numbers), will the new kernel and world on the host system cause potential problems with existing jails when they are restarted? Or do the jails need to be rebuilt before they are started? 2. Localhost. Jails seem to be implemented using IP address aliasing, so anything within the jail that wants to, or is configured to, bind to the localhost address, now gets bound to the jail's IP address. This means that what was once local, is now publically available. Will running a firewall on the host system work in such cases? 3. Sendmail. The usual approach of setting "sendmail_enable=NO" (or using DAEMON_OPTIONS) won't prevent sendmail running in a jail from starting up and listening for incoming mail from external hosts. Short of disabling sendmail entirely, I'm wondering what approach most people use as a workaround. Thanks. Please copy me, as I'm not currently subscribed.