On Fri, Sep 23, 2005 at 06:30:42PM +0200, Jeremie Le Hen wrote: > Note that I'm still not sure about these scripts : > 400.status-disks > 405.status-ata-raid > 420.status-network > For instance, 420 uses ``netstat -in''. It will not be able to run > inside a jail, unless /dev/mem is available (I'm not sure this is > still the case with rwatson_at_ recent changes), which is, while still > possible, very unlikely. You probably don't need to worry about it too much. Even if the user isn't allowed to run 'netstat -in' then nothing bad will happen, short of perhaps a mail being sent to the jail owner. They can always override it in their own /etc/periodic.conf or /etc/periodic.conf.local The test I would use is: "is this script something to do with administering the *machine* itself, or the *jail environment*?" Almost always I'd expect the network interfaces to belong to the machine only. The disks and ata-raid arrays most likely belong to the machine. It's not impossible that the system administrator would decide to open up direct access to a particular drive into a particular jail (using devfs rules), but even then it's more likely the system administrator rather than the person sitting within the jail who is going to be responsible for the good health of the drives, and therefore wants to see these alerts. > I would like to hear some advice of wise people about this. Ah, that I can't help you with :-) Regards, Brian.Received on Fri Sep 23 2005 - 17:09:10 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:44 UTC