On Wed, Nov 05, 2008 at 06:37:09AM -0600, Jeff LaCoursiere wrote: > > On Wed, 5 Nov 2008, Tzafrir Cohen wrote: > > > On Tue, Nov 04, 2008 at 04:02:40PM -0600, Jeff LaCoursiere wrote: > > > > > > > > Hmm, I wonder if you could run asterisk in a jail? Anyone done that on > > > FreeBSD for example? That would solve your issues I think. It would > > > certainly be difficult for your admin to "admin" asterisk without the CLI. > > > Depending on your flavor of GUI it may be difficult for him to admin > > > asterisk with shell access. > > > > I don't think Asterisk is a good candidate for chrooting. It re-reads > > the config files in /etc on each reload. It will occasionally rotates > > logs in /var/log/asterisk . Just to mention a few.
Not to mention loading modules dynamically, which also means that all the dependent libraries need to be included in the relevant chroot (unless you build Asterisk static) > > > > These are trivial issues that would be part of the jail setup. Things > like access to /proc or filesystem based pipes would worry me more. /var/run/asterisk/asterisk.ctl ? Though it is only open at startup. > FreeBSD provides for some of this - don't know about Linux. openvz / linux-vserver are quite similar. -- Tzafrir Cohen icq#16849755 jabber:[EMAIL PROTECTED] +972-50-7952406 mailto:[EMAIL PROTECTED] http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users