On 05/21/2011 02:07 PM, no-re...@cfengine.com wrote:
> Yes, but I still don't understand. Cfengine gets the real host name from
> uname(), which is what you get from printing the shell command. So your
> example is no different from using the hostname of the machine.
>From what I get from unix.c, Cfengine reverse-lookups DNS names from IP
addresses and creates classes for those, in the example above each IP
resolves into some DNS name which gets defined.
> Is there not rather a way of determining what is not a jail? The presence of
> a special file, the ability to see the jail directories, to qualify the class?
>
> isdir("/jail") ?
>
> I'm afraid I don't know much about jails or how they look in practice.
Jail is chroot-on-steroids. In addition to filesystem separation it may
get static IP address assigned exclusively during configuration.
It should be possible filter out such IP addresses by obtaining jails'
information using jail_get(2) syscall and removing from list of IPs ones
assigned to jails.
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
