Quoting Roman Divacky <[EMAIL PROTECTED]> (from Mon, 6 Aug 2007
11:04:22 +0200):
On Mon, Aug 06, 2007 at 09:33:03AM +0200, Alexander Leidinger wrote:
Quoting Boris Samorodov <[EMAIL PROTECTED]> (from Sat, 04 Aug 2007 00:00:35
+0400):
>Hi!
>
>
>I'm porting some Fedora Core 6 applications. Since the FreeBSD
>package of a FC6 port should be build with non-default
>compat.linux.osrelease and pointyhat is using jails to create
>packages, here is the question at the Subject.
>
>I know it _may_ be changed (I've tried and succeeded). Can someone
>say that it's quite OK to do so (without bad effects to jail/host)?
>Sure I ask about -CURRENT.
Roman did some work to make this a per-jail feature. I haven't seen
any obvious stuff in the code which would make using this a bad idea.
So: there are no known side-effects to use this in a jail.
I didnt do anything.. this has always been per-jail attribute :)
Yes. Sorry for not being clear. You did the right work from the
beginning to make the sysctl per jail instead of making it a global
property of the system. And the feature which is protected by this
sysctl should be able to work correctly for the use case.
Hmmm... while I think about jails... wouldn't it be better from a
security perspective to have the list/queue/... which is behind the
use26 part be a per jail list/queue/...? It may be not an issue, but
can you verify that root in jail A can not do something (kill/...) /
get some info (even if it is just a PID of a linux process) from jail
B when both -current jails run in the non-default linuxulator? I ask
as I don't have time to look at it ATM.
Bye,
Alexander.
--
Q: How can we get the Beatles to reunite for one more concert?
A: With three more bullets.
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
