Re: Idea about 'skeleton jail

2005-03-14 Thread Samuel J. Greear
On Sunday 13 March 2005 14:24, Anish Mistry wrote: On Sunday 13 March 2005 01:23 pm, Chris Hodgins wrote: Samuel J. Greear wrote: Not a bad 'idea' at all, although I won't comment on semantics. I had something implemented using fs stacking (in a very hackish way, and I believe it's

Re: Idea about 'skeleton jail

2005-03-14 Thread Anish Mistry
On Monday 14 March 2005 10:15 am, Samuel J. Greear wrote: On Sunday 13 March 2005 14:24, Anish Mistry wrote: On Sunday 13 March 2005 01:23 pm, Chris Hodgins wrote: Samuel J. Greear wrote: Not a bad 'idea' at all, although I won't comment on semantics. I had something implemented

Re: Idea about 'skeleton jail

2005-03-14 Thread Chris Hodgins
Anish Mistry wrote: On Monday 14 March 2005 10:15 am, Samuel J. Greear wrote: On Sunday 13 March 2005 14:24, Anish Mistry wrote: On Sunday 13 March 2005 01:23 pm, Chris Hodgins wrote: Samuel J. Greear wrote: Not a bad 'idea' at all, although I won't comment on semantics. I had something

Re: Idea about 'skeleton jail

2005-03-14 Thread Chris Hodgins
Anish Mistry wrote: On Monday 14 March 2005 10:15 am, Samuel J. Greear wrote: On Sunday 13 March 2005 14:24, Anish Mistry wrote: On Sunday 13 March 2005 01:23 pm, Chris Hodgins wrote: Samuel J. Greear wrote: Not a bad 'idea' at all, although I won't comment on semantics. I had something

Re: Idea about 'skeleton jail

2005-03-14 Thread Chris Hodgins
Not sure if this has already made it to the mailing list or not. My uni email account has started blocking email inbound and outbound to the freebsd servers. If I have missed anything since the post I am replying to I would appreciate if it could be forwarded on to me at this address...thanks :)

Re: Idea about 'skeleton jail

2005-03-13 Thread Denis Shaposhnikov
Frank == Frank Knobbe [EMAIL PROTECTED] writes: Frank If you nullfs these directories, you lose the ability to Frank prune the jail. Pruning is part of system hardening. I'd Maybe it's better to use unionfs, so anybody can replace binaries with their stub version pre jail. -- DSS5-RIPE

Re: Idea about 'skeleton jail

2005-03-13 Thread Chris Hodgins
Denis Shaposhnikov wrote: Frank == Frank Knobbe [EMAIL PROTECTED] writes: Frank If you nullfs these directories, you lose the ability to Frank prune the jail. Pruning is part of system hardening. I'd Maybe it's better to use unionfs, so anybody can replace binaries with their stub version pre

Re: Idea about 'skeleton jail

2005-03-13 Thread Samuel J. Greear
Not a bad 'idea' at all, although I won't comment on semantics. I had something implemented using fs stacking (in a very hackish way, and I believe it's lost now, so don't ask to see it...) to implement per-jail quotas that seemed to work quite well. Sam This might be a very stupid idea

Re: Idea about 'skeleton jail

2005-03-13 Thread Chris Hodgins
Samuel J. Greear wrote: Not a bad 'idea' at all, although I won't comment on semantics. I had something implemented using fs stacking (in a very hackish way, and I believe it's lost now, so don't ask to see it...) to implement per-jail quotas that seemed to work quite well. Sam Feel free to

Re: Idea about 'skeleton jail

2005-03-13 Thread Anish Mistry
On Sunday 13 March 2005 01:23 pm, Chris Hodgins wrote: Samuel J. Greear wrote: Not a bad 'idea' at all, although I won't comment on semantics. I had something implemented using fs stacking (in a very hackish way, and I believe it's lost now, so don't ask to see it...) to implement

Re: Idea about 'skeleton jail

2005-03-13 Thread Chris Hodgins
Anish Mistry wrote: On Sunday 13 March 2005 01:23 pm, Chris Hodgins wrote: Samuel J. Greear wrote: Not a bad 'idea' at all, although I won't comment on semantics. I had something implemented using fs stacking (in a very hackish way, and I believe it's lost now, so don't ask to see it...) to

Re: Idea about 'skeleton jail

2005-03-12 Thread Frank Knobbe
On Mon, 2005-01-31 at 13:29 -0600, [EMAIL PROTECTED] wrote: Very nice idea!! This greatly improves jail management on FreeBSD. There is a possibility for a minor drawback -- if one can change a system binary in the host system, then all jails are compromised -- but assuming one would need root

Re: Idea about skeleton jail

2005-02-02 Thread Seán C. Farley
I missed the beginning of the thread, but I thought I would point out the rough script (mknulljail.sh) I wrote a while back that uses nullfs. I also have an update script (fbinst.sh) for FreeBSD that handles jails. http://www.farley.org/?page=software mknulljail.sh is getting old and can be used for

Re: Idea about skeleton jail

2005-02-01 Thread Jeremie Le Hen
I'm curious if your idea for jails extends to running 50+ jails on a box or not? I'd definitely be interested in any feedback you have on what problems may or may not be encountered with so many mounts and also the stability of nullfs nowadays. PHK has just made a call for unionfs and nullfs

Re: Idea about skeleton jail

2005-02-01 Thread Dmitry Morozovsky
Dear Xin, On Mon, 31 Jan 2005, Xin LI wrote: XL What I am going to propose is a concept that I call skeleton jail, XL or skeljail for short. A skel jail is something that shares most base XL system binaries/libraries with the host, through read-only mount_null's. [snip] XL I have some

Re: Idea about skeleton jail

2005-02-01 Thread Pawel Jakub Dawidek
On Mon, Jan 31, 2005 at 11:13:04PM -0800, Justin Hopper wrote: + We are considering open sourcing all of our stuff, to contribute back + what we can to the OS that allowed us to build our entire company. I'd + really like to see what others have done to make jails more manageable, + as it seems

Re: Idea about skeleton jail

2005-02-01 Thread Dirk-Willem van Gulik
On Mon, 31 Jan 2005, Xin LI wrote: What I am going to propose is a concept that I call skeleton jail, or skeljail for short. A skel jail is something that shares most base system binaries/libraries with the host, through read-only mount_null's. Please post your scripts :-) We recently

Re: Idea about skeleton jail

2005-02-01 Thread Xin LI
On 2005-02-01 11:40 +0100, Pawel Jakub Dawidek wrote: The thing that can be useful IMHO is the possibility to use reboot(8)/shutdown(8), etc. inside a jail, but... I'm unfortunately too busy with other (probably less interesting, but profitable) projects. Quick question: Does this mean we can have init(8)

Re: Idea about skeleton jail

2005-02-01 Thread Pawel Jakub Dawidek
On Wed, Feb 02, 2005 at 12:52:17AM +0800, Xin LI wrote: + On Tue 2005-02-01 at 11:40 +0100, Pawel Jakub Dawidek wrote: + The thing that can be useful IMHO is the possibility to use + reboot(8)/shutdown(8), etc. inside a jail, but... + I'm unfortunately too busy with other (probably less

Re: Idea about skeleton jail

2005-02-01 Thread Marc G. Fournier
On Wed, 2 Feb 2005, Xin LI wrote: On Tue 2005-02-01 at 11:40 +0100, Pawel Jakub Dawidek wrote: The thing that can be useful IMHO is the possibility to use reboot(8)/shutdown(8), etc. inside a jail, but... I'm unfortunately too busy with other (probably less interesting, but profitable) projects. Quick question:

Re: Idea about skeleton jail

2005-02-01 Thread Xin LI
I have attached an alpha patch that implements skeljail, which includes an installskel target to install a (hmm... as many as you wish and your hard disk allows) skeleton after buildworld. In order to make use of it, follow this procedure: 0. make buildworld is a prerequisite

Re: Idea about 'skeleton jail' -- desirable jail features

2005-02-01 Thread H. S.
In my opinion, FreeBSD is currently behind in virtual server implementations for a few reasons: it does not support multiple IPs in jails. Sure, there are patches, but the one here doesn't compile on 5.3-STABLE, for example. Support integrated into the base system would be neat. It would also be

Re: Idea about skeleton jail

2005-02-01 Thread Justin Hopper
On Tue, 2005-02-01 at 11:40 +0100, Pawel Jakub Dawidek wrote: On Mon, Jan 31, 2005 at 11:13:04PM -0800, Justin Hopper wrote: + We are considering open sourcing all of our stuff, to contribute back + what we can to the OS that allowed us to build our entire company. I'd + really like to see

Re: Idea about skeleton jail

2005-02-01 Thread Pawel Jakub Dawidek
On Tue, Feb 01, 2005 at 01:31:11PM -0800, Justin Hopper wrote: + I've made some fixes a week or something + ago, I just created a patch against HEAD if you want to try it: + + http://people.freebsd.org/~pjd/patches/jail_2005020101.patch + + There can still be some remaining issues, but

Idea about skeleton jail

2005-01-31 Thread Xin LI
Dear folks, There has been a recent discussion about whether the perl port should touch/install /usr/bin/perl. While I'm not interested in joining the discussion, it inspired me to realize that we can make use of the fact that ports should not install things to the system area and take advantage of it. Finally

Re: Idea about skeleton jail

2005-01-31 Thread Xin LI
On 2005-01-31 17:10 +0100, Jeremie Le Hen wrote: On Mon, Jan 31, 2005 at 09:39:52PM +0800, Xin LI wrote: [snip] Why don't you simply call the target installjail instead of installskel? I'd admit that I have chosen the name just by chance. I prefer installskel over installjail since I think the latter

Re: Idea about 'skeleton jail

2005-01-31 Thread security
Very nice idea!! This greatly improves jail management on FreeBSD. There is a possibility for a minor drawback -- if one can change a system binary in the host system, then all jails are compromised -- but assuming one would need root access on the host to change the binary, he would have power to

Re: Idea about 'skeleton jail

2005-01-31 Thread Pawel Malachowski
On Mon, Jan 31, 2005 at 01:29:24PM -0600, [EMAIL PROTECTED] wrote: Very nice idea!! This greatly improves jail management on FreeBSD. There is a possibility for a minor drawback -- if one can change a system binary in the host system, then all jails are compromised -- but assuming one would

Re: Idea about skeleton jail

2005-01-31 Thread Justin Hopper
On Mon, 2005-01-31 at 21:39 +0800, Xin LI wrote: Dear folks, There has been a recent discussion about whether the perl port should touch/install /usr/bin/perl. While I'm not interested in joining the discussion, it inspired me to realize that we can make use of the fact that ports should not install