Date: Thu, 22 Sep 2005 14:21:13 +0200 From: Jeremie Le Hen <jeremie@le-hen.org> To: freebsd-current@FreeBSD.org Subject: jail's periodic stuff Message-ID: <20050922122113.GO24643@obiwan.tataz.chchile.org>
next in thread | raw e-mail | index | archive | help
Hi, there are some periodic script which shouldn't be run inside a jail, because jail's restrictions would prevent the utility to work correctly. This includes those that gathers statistics from various firewalls, in security/ : 510.ipfdenied 520.pfdenied 550.ipfwlimit 600.ip6fwdenied 610.ipf6denied 650.ip6fwlimit I think that three other scripts from daily/ should be avoided too, but I'm not yet sure about those : 400.status-disks 405.status-ata-raid 420.status-network I would like to hear your comments on this and on the best way to solve this problem. My first thought was to add % if [ `sysctl -n security.jail.jailed` -eq 1 ] % then % exit 0 % fi just before the main case statement, but there may be smarter ways to achieve this. I will be glad to provide a patch as soon as I will have gathered enough informations. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050922122113.GO24643>