On Tue, Jul 23, 2013 at 04:44:18PM -0700, Yuri wrote:
> On 07/23/2013 16:31, Mateusz Guzik wrote:
> >Of course then you may have some unnecessary separation but that I
> >believe can be simply worked out if it turns out to be problematic.
> 
> 
> jail would completely separate two systems. In my case this app also
> communicates through files that it creates and host app reads
> through symbolic links. It might also be assuming that it runs on
> the same host and maybe is unable to connect to X server other than
> through the shared memory.
> 

1. FS-level cooperation is not going to be affected in any way. For all
practical purposes you can assume that, fs-wise, a jail is a chroot with
the ".." escape disabled.
2. Typically local applications connect to the X server over a unix socket,
i.e. something you would have to expose in the jail anyway (by e.g.
mount -t nullfs /tmp /path/to/jail/tmp).

Of course I can be wrong here, but it looks like jail is a drop-in
replacement here.

-- 
Mateusz Guzik <mjguzik gmail.com>