Re: Idea about 'skeleton jail
Frank == Frank Knobbe [EMAIL PROTECTED] writes: Frank If you nullfs these directories, you loose the ability to Frank prune the jail. Pruning is part of system hardening. I'd May be it's better to use unionfs, so anybody can replace binaries with their stub version pre jail. -- DSS5-RIPE DSS-RIPN 2:550/[EMAIL PROTECTED] 2:550/[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] http://neva.vlink.ru/~dsh/ ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Idea about 'skeleton jail
Denis Shaposhnikov wrote: Frank == Frank Knobbe [EMAIL PROTECTED] writes: Frank If you nullfs these directories, you loose the ability to Frank prune the jail. Pruning is part of system hardening. I'd May be it's better to use unionfs, so anybody can replace binaries with their stub version pre jail. This might be a very stupid idea but how about a jailfs. Now I don't know all that much about filesystem design so bear with me. How about something like this: # ls /usr/jail fulljail smalljail fulljail.conf smalljail.conf # cd /usr/jail/fulljail # ls dev etc home # cat ../fulljail.conf allow-all read-only ignore /dev /etc /usr/home allow read-write /usr/ports/distfiles # cd ../smalljail # ls # cat ../smalljail.conf ignore-all allow read-only /bin /usr/bin allow read-write /usr/home # cd /usr/jail # jail /usr/jail/fulljail fulljail 127.0.0.1 /bin/sh /etc/rc # jexec 1 ls COPYRIGHT boot compat dist etc lib mnt rescue sbin sys usr bin cdrom dev entropy home libexec proc root stand tmp var # jail /usr/jail/smalljail smalljail 127.0.0.1 /bin/sh /home/myhome/specialtask.sh # jexec 2 ls bin usr home # SO the jail filesystem is configured at jail-creation time and uses the hosts files or jail files depending on the configuration. Might have to pass the config file into the jail command. As I said I am not an expert. Mabye one of the experts could let me know what they think? Chris ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Low level hardware access in FreeBSD
On Sat, Mar 12, 2005 at 06:12:19PM +, Alex Burke wrote: Hi, I am just wondering how I can access either BIOS calls, or preferably registers under FreeBSD? I am trying to write a simple system capable of displaying graphics on the screen, and I am pretty sure I can mmap the VGA memory to my programs address space. You'd better not try inventing the wheel. You can use already written libraries for that purpose - vgl(3) or graphics/svgalib for example. -ip -- If everybody doesn't want it, nobody gets it. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Idea about 'skeleton jail
Not a bad 'idea' at all, although I won't comment on semantics. I had something implemented using fs stacking (in a very hackish way, and I believe it's lost now, so don't ask to see it...) to implement per-jail quota's that seemed to work quite well. Sam This might be a very stupid idea but how about a jailfs. Now I don't know all that much about filesystem design so bear with me. How about something like this: snippay SO the jail filesystem is configured at jail-creation time and uses the hosts files or jail files depending on the configuration. Might have to pass the config file into the jail command. As I said I am not an expert. Mabye one of the experts could let me know what they think? Chris ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Idea about 'skeleton jail
Samuel J. Greear wrote: Not a bad 'idea' at all, although I won't comment on semantics. I had something implemented using fs stacking (in a very hackish way, and I believe it's lost now, so don't ask to see it...) to implement per-jail quota's that seemed to work quite well. Sam Feel free to comment on the semantics. As I said before, I am not very knowledgable about filesystems and any insight or alternative implementation you can provide would be interesting I'm sure to everyone. Chris This might be a very stupid idea but how about a jailfs. Now I don't know all that much about filesystem design so bear with me. How about something like this: snippay SO the jail filesystem is configured at jail-creation time and uses the hosts files or jail files depending on the configuration. Might have to pass the config file into the jail command. As I said I am not an expert. Mabye one of the experts could let me know what they think? Chris ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
cron limit
I have a script that works fine from command line. But when I run it from cron , its not displaying all the info. Looks like cron is limiting the char length. example from script ran by cron: root54313 0.0 0.2 1024 720 ?? S 3:20PM 0:00.00 cron: running jo example from script ran by command line: root54313 0.0 0.2 1024 720 ?? S 3:20PM 0:00.00 cron: running job (cron) Any way to make cron use more buffer? Thanks ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: cron limit
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, 13 Mar 2005, junk wrote: I have a script that works fine from command line. But when I run it from cron , its not displaying all the info. Looks like cron is limiting the char length. example from script ran by cron: root54313 0.0 0.2 1024 720 ?? S 3:20PM 0:00.00 cron: running jo example from script ran by command line: root54313 0.0 0.2 1024 720 ?? S 3:20PM 0:00.00 cron: running job (cron) Any way to make cron use more buffer? Thanks Have the script mail the output to you instead of having cron do it. That might change how the output reads. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (FreeBSD) Comment: http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xF7DF979F iD8DBQFCNJdxsmFQuvffl58RAqxzAKCGW1Rv/UKU6CW2+u6PcRVJqepybACfTf46 +lgall+/g8oAXu6aqj7ap+8= =OgvR -END PGP SIGNATURE- ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Idea about 'skeleton jail
On Sunday 13 March 2005 01:23 pm, Chris Hodgins wrote: Samuel J. Greear wrote: Not a bad 'idea' at all, although I won't comment on semantics. I had something implemented using fs stacking (in a very hackish way, and I believe it's lost now, so don't ask to see it...) to implement per-jail quota's that seemed to work quite well. Sam Feel free to comment on the semantics. As I said before, I am not very knowledgable about filesystems and any insight or alternative implementation you can provide would be interesting I'm sure to everyone. Yeah, if there was jailfs that was setup automatically for the jails that supported quotas out of the box that would kill my major gripe about setting up jails. -- Anish Mistry pgp4WCWHjxMeP.pgp Description: PGP signature
Re: Idea about 'skeleton jail
Anish Mistry wrote: On Sunday 13 March 2005 01:23 pm, Chris Hodgins wrote: Samuel J. Greear wrote: Not a bad 'idea' at all, although I won't comment on semantics. I had something implemented using fs stacking (in a very hackish way, and I believe it's lost now, so don't ask to see it...) to implement per-jail quota's that seemed to work quite well. Sam Feel free to comment on the semantics. As I said before, I am not very knowledgable about filesystems and any insight or alternative implementation you can provide would be interesting I'm sure to everyone. Yeah, if there was jailfs that was setup automatically for the jails that supported quotas out of the box that would kill my major gripe about setting up jails. Any ideas the sort of work involved in something like this? I am graduating soon and about to have about a month of free time to spend on a project. From the very little I know about file systems on Unix they just stack together right? So there would have to be something to process the configuration file and then is it just a matter of overriding each vnode operation or is there more to it than that? Chris ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: cron limit
c0ldbyte wrote: On Sun, 13 Mar 2005, junk wrote: I have a script that works fine from command line. But when I run it from cron , its not displaying all the info. Looks like cron is limiting the char length. example from script ran by cron: root54313 0.0 0.2 1024 720 ?? S 3:20PM 0:00.00 cron: running jo example from script ran by command line: root54313 0.0 0.2 1024 720 ?? S 3:20PM 0:00.00 cron: running job (cron) Any way to make cron use more buffer? Thanks Have the script mail the output to you instead of having cron do it. That might change how the output reads. Emailing the output shows the same thing. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: cron limit
junk wrote: c0ldbyte wrote: On Sun, 13 Mar 2005, junk wrote: I have a script that works fine from command line. But when I run it from cron , its not displaying all the info. Looks like cron is limiting the char length. example from script ran by cron: root54313 0.0 0.2 1024 720 ?? S 3:20PM 0:00.00 cron: running jo example from script ran by command line: root54313 0.0 0.2 1024 720 ?? S 3:20PM 0:00.00 cron: running job (cron) Any way to make cron use more buffer? Thanks Have the script mail the output to you instead of having cron do it. That might change how the output reads. Emailing the output shows the same thing. The script thats being ran by cron does a 'ps x |grep test.pl'. and prases the output from test.pl, but since cron is limiting the char length, its not parsing the output right. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: cron limit
Pieter de Boer wrote: The script thats being ran by cron does a 'ps x |grep test.pl'. and prases the output from test.pl, but since cron is limiting the char length, its not parsing the output right. ps -xw ? Yeah. That was the problem. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: cron limit
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, 13 Mar 2005, junk wrote: Pieter de Boer wrote: The script thats being ran by cron does a 'ps x |grep test.pl'. and prases the output from test.pl, but since cron is limiting the char length, its not parsing the output right. ps -xw ? Yeah. That was the problem. Yeah that would be correct but still just might want to go with a couple more w's for instance just one will still cut off to a certain point so a (ps auxwww) will make sure it gets everything and feeds back the proper information. Sorry I didnt remember that right away. Best luck wishes: --c0ldbyte -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (FreeBSD) Comment: http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xF7DF979F iD8DBQFCNNQismFQuvffl58RAqTnAJ4m2nI1HTx6kog5uIICKVYsgWAMgQCfYkOL ZAWnTmlcBJHsVDCL1CC3vt4= =g6f6 -END PGP SIGNATURE- ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: cron limit
c0ldbyte wrote: On Sun, 13 Mar 2005, junk wrote: Pieter de Boer wrote: The script thats being ran by cron does a 'ps x |grep test.pl'. and prases the output from test.pl, but since cron is limiting the char length, its not parsing the output right. ps -xw ? Yeah. That was the problem. Yeah that would be correct but still just might want to go with a couple more w's for instance just one will still cut off to a certain point so a (ps auxwww) will make sure it gets everything and feeds back the proper information. Sorry I didnt remember that right away. Best luck wishes: --c0ldbyte Thanks for all the help. It's working great. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Global / Cluster / Shared filesystem for FreeBSD?
On Fri, Mar 11, 2005 at 10:27:36AM -0500, Jim Rees wrote: There are OpenAFS and NFSv4 clients for FreeBSD, but unfortunately neither is really production quality. It wouldn't take much to make at least the OpenAFS client usable but no one seems to be working on it now. I may be looking into AFS more for my workplace. If this comes to pass, I may end up making an effort to get it working on FreeBSD as a hobby during my spare time. Some things to look at that I've also been poking at: * Apparently the newest development (1.3.x) OpenAFS servers will work on FreeBSD, but the client is not production quality. * /usr/ports/net/arla implements a client that supposedly works on FreeBSD, though I have yet to test it. * OpenAFS is looking for people interested in making their client work on FreeBSD. Hope this helps. I'd like to see FreeBSD get much better AFS and general clustering/internetworking support. For example, easier to configure LDAP and Kerberos. Must.. compete.. with.. Active.. Directory... -- Sean Kelly | PGP KeyID: D2E5E296 [EMAIL PROTECTED] | http://www.sean-kelly.org/ pgpIOekCP4iVL.pgp Description: PGP signature