On Thu, May 16, 2002 at 05:58:42PM +0200, Attila Nagy wrote:
> Hello,
>
> > Yes, for your particular kind of jail :) And as a matter of fact, most
> > things could be started like that, indeed.. Seems I need to really wake
> > up and start thinking, and think myself away from the 'default' concept
> > of starting a full-fledged /bin/sh /etc/rc jail.
> Why would a /bin/sh be needed for a nameserver? For helping crackers' life?
> :)
> I don't really like /bin/sh /etc/rc jails. And if I can, I often do jails
> on the 127/8 subnet with a simple redirect for that particular port. This
> also helps prevent the cracker from connecting out from that jail.

Yes, this is indeed a very reasonable strategy for running jails. However, all of this has kind of strayed from the original discussion; that was why I said 'forget I said anything about supervise' :)

This whole discussion started after I mistakenly decided that all jails are /bin/sh /etc/rc jails, and that the /etc/rc part keeps running for as long as the jail is alive; this alone would be the situation when supervising a jail would help 'rebooting' the jail (shutting down all processes).

Since my basic premise was wrong, supervise cannot be used to reboot a whole jail (kill all the processes running within), I humbly apologize for the wasted traffic :)

G'luck,
Peter

--
Peter Pentchev [EMAIL PROTECTED] [EMAIL PROTECTED]
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
What would this sentence be like if pi were 3?