Re: [RFC] Skeleton jail (rc.d feature proposal)

From: Simon L. Nielsen <simon_at_FreeBSD.org>
Date: Fri, 20 Feb 2009 20:23:13 +0100
On 2009.02.10 19:24:22 -0800, Xin LI wrote:

> Ok, some local users has prodded me in committing the "skeleton jail"
> feature, I find it useful myself but not sure if it's appropriate to
> commit it against -HEAD, so I'd like to explain it, try to present it in

This complicates an already complicated etc/rc.d/jail script so I
think this is a very bad idea.  rc.d/jail is already interesting
enough security wise as it is IMO.

If anyone wants this very much think it should be done in an
"external" (to etc/rc.d/jail) jail management system/script.

Personally I have been very happy with ezjail, and I think having a
script like that "externally" is a much better way to go.  If that
means importing ezjail or making something like it I don't know.

-- 
Simon L. Nielsen
Received on Fri Feb 20 2009 - 18:23:15 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:42 UTC