On Thu, Sep 22, 2005 at 02:21:13PM +0200, Jeremie Le Hen wrote:
> there are some periodic scripts which shouldn't be run inside a jail,
> because jail's restrictions would prevent the utility from working correctly.
> This includes those that gather statistics from various firewalls,
> in security/ :
>     510.ipfdenied
>     520.pfdenied
>     550.ipfwlimit
>     600.ip6fwdenied
>     610.ipf6denied
>     650.ip6fwlimit
...
> I would like to hear your comments on this and on the best way to solve
> this problem. My first thought was to add
>
> % if [ `sysctl -n security.jail.jailed` -eq 1 ]
> % then
> %     exit 0
> % fi
>
> just before the main case statement, but there may be smarter ways to
> achieve this.

A mechanism which already exists is to create /etc/periodic.conf within your
jail, disabling the individual scripts you don't want to run. See
/etc/defaults/periodic.conf for the settings available (or
/usr/share/examples/etc/defaults/periodic.conf).

However it might be a good idea for FreeBSD to provide a sample
periodic.conf for use in a jail environment.

Regards,

Brian.

Received on Fri Sep 23 2005 - 07:22:28 UTC
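
The periodic.conf approach from the reply above, as an added example that is not part of the original message: a script that reads the *_enable variable each named periodic script tests and emits the lines to put in the jail's /etc/periodic.conf. It assumes each script gates itself with a `case "$..._enable" in` statement; the sample scripts and the variable names inside them are constructed stand-ins, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: build jail periodic.conf lines that switch off named scripts.
# Assumption: a periodic script gates itself with  case "$some_var_enable" in

# enable_var FILE: print the first *_enable variable tested in a case statement.
enable_var() {
    sed -n 's/^[[:space:]]*case[[:space:]][[:space:]]*"*\${*\([A-Za-z0-9_]*_enable\).*/\1/p' "$1" | head -n 1
}

# gen_jail_conf DIR NAME...: print one periodic.conf line per script name.
# Scripts that are missing or have no recognisable knob are reported as
# comments, so a firewall check is never silently left running in the jail.
gen_jail_conf() {
    dir=$1; shift
    for name in "$@"; do
        f="$dir/$name"
        if [ ! -r "$f" ]; then
            echo "# $name: not found in $dir, skipped"
            continue
        fi
        var=$(enable_var "$f")
        if [ -n "$var" ]; then
            echo "${var}=\"NO\"    # $name"
        else
            echo "# $name: no *_enable knob found, check by hand"
        fi
    done
}

# Constructed stand-ins for two of the scripts listed in the thread.
make_samples() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/sh' 'case "$daily_status_security_ipfdenied_enable" in' \
        '    [Yy][Ee][Ss]) echo checking ;;' 'esac' > "$d/510.ipfdenied"
    printf '%s\n' '#!/bin/sh' 'case "${daily_status_security_pfdenied_enable}" in' \
        '    [Yy][Ee][Ss]) echo checking ;;' 'esac' > "$d/520.pfdenied"
    echo "$d"
}

samples=$(make_samples)
gen_jail_conf "$samples" 510.ipfdenied 520.pfdenied 550.ipfwlimit
rm -rf "$samples"
```

On a real host, point gen_jail_conf at the directory holding the security scripts and append the output to /etc/periodic.conf inside the jail after reviewing it.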