Re: jail() for Linux ?

2003-04-10 Thread Vlad Harchev
On Wed, Apr 09, 2003 at 07:12:04PM +0200, Marc Schöchlin wrote:
Hi,

> Hi  !
> 
> I developed a software (will be in 1-2 weeks available as opensource)
> for managing virtual Systems which are using the jail-functionality of
> FreeBSD - now I ask myself  if the jail-functionality
> is also available for linux systems.
> 
> jail() is a combination of the chroot()-functionality and limited access
> to syscalls.
> 
> Further Information:
> http://www.daemonnews.org/200109/jailint.html
> 
> Does anybody know anything about a patch which implements the same
> functionality on Linux ?

There is a commercial high-quality solution (also they have somewhere
a 300kb overview of disadvantages of FreeBSD jail over their solution)

http://www.sw-soft.com/en/products/virtuozzo/

-- 
 Best regards,
  -Vlad




Re: jail() for Linux ?

2003-04-10 Thread Marc Schöchlin
Hi !

Arend van Waart wrote:

> Marc Schöchlin wrote:
>
>> Hi  !
>>
>> I developed a software (will be in 1-2 weeks available as opensource)
>> for managing virtual Systems which are using the jail-functionality of
>> FreeBSD - now I ask myself  if the jail-functionality
>> is also available for linux systems.
>
> [snip]
>
>> Does anybody know anything about a patch which implements the same
>> functionality on Linux ?
>>
>> Best regards
>>
>> Marc Schoechlin
>
> I do not believe jail() itself is available to linux, though you could
> try the user-mode-linux project.
> http://user-mode-linux.sourceforge.net/. It's a patch for the linux
> kernel to spawn a new patched kernel. The only problem so far with me
> has been that it's a bit tricky to get the network working.
>
> When it's not what you're looking for, it is fun to toy with. 

I know the uml-project - but this is not what I mean - but jail() is
more economical with ram and disk-space.

The uml-project makes a deeper abstraction of the virtual-systems.

Best regards

Marc Schoechlin




Re: jail() for Linux ?

2003-04-10 Thread Marc Schöchlin
Hi !

J.J. van Gorkum wrote:

>The only thing I found that looks the same is...
>
>http://www.solucorp.qc.ca/miscprj/s_context.hc
>  
>
Matt Ayres wrote:

>You can use vserver (http://www.solucorp.qc.ca/miscprj/s_context.hc).  I'd be 
>interested in what you did for jail, would it be possible for me to get a 
>rundown of features or an advance copy?
>  
>
Thanks a lot - I will test this patch if it's compatible with my software :-)

I already discovered a substitute for the "mount_null" command - "mount -link" :-))

The features of my software:
--

#
###
### JAILMANAGER : DESIGN AND CONCEPTS
###


This file gives a short overview about the basic design- and
conceptional ideas of Jailmanager.


## Software - Environment

-> FreeBSD 4.6 and higher
-> Perl v5.6.1 and higher


## Basic Features

The use of Jailmanager gives you several advantages compared
to a regular jail-setup.

-> centralized software management

   -> no redundant files
   -> no time consuming updates
   -> automated setup of the central software-reference
   -> every virtual server only needs a minimal disc-space
      of 10 megabytes

-> automated setup and creation of virtual-servers

-> maintenance shell for every virtual server

-> automated starting and stopping of jails

-> maintenance-tools which help you to get information
   about the currently configured jails.

   -> showing the processes for every jail/for a certain jail
   -> showing the status of jails

-> Logging of maintenance-tasks to a logfile

-> all information about a certain jail is populated in
   one single directory.
   (this increases transparency, and makes it very easy to
   transfer a jail to another hosting-server.)

-> batched configuration changes

   -> execution of a certain script/program in every jail
   -> optional interactive mode, which helps to verify
      automated actions
   -> passing of environment-variables which contain the
      configuration data of a certain jail to the executed
      programs to ease configuration tasks.

-> /SW-Support
   (/SW is a concept for maintaining software for multiple
   hardware-platforms)

-> shellscript-supported update of configuration-files

   -> identifying of differences between the reference and
      the user-jail

   -> interactive merging of configfiles

-> multi-ip-support for each jail

## ultrashort design overview


* master-jail:

  This jail is automatically generated from /usr/src by a script,
  and represents the software-reference for every user-jail
  (see description below).
 
  This Jail is fully functional - but it will be never directly
  used for productive needs.

  The directory where the master-jail resides is read-only mounted
  to every user-jail with the mount_null-command.


* user-jail:

  Jails of this type provide the different virtual-server-environments.
 
  Almost all files which are needed for the complete virtual server, are
  provided by the master-jail directory which is mounted to a certain
  directory within the user-jail.

  All directories of the user-jail are symlinked to the corresponding
  directory in the master-jail - except those which are needed for
  local modifications. (i.e /etc/, /var/, /root, )

  example view to such a user-jail file-system:
  
  [EMAIL PROTECTED] $ls -la
  total 25
  drwxr-xr-x  13 root  wheel   512 Mar 10 13:10 .
  drwxr-xr-x  13 root  wheel   512 Mar 10 13:10 ..
  lrwxrwxr-x   1 root  wheel    30 Mar  5 14:31 .cshrc -> /slash-root/master-jail/.cshrc
  lrwxrwxr-x   1 root  wheel    32 Mar  5 14:31 .profile -> /slash-root/master-jail/.profile
  lrwxrwxr-x   1 root  wheel    33 Mar  5 14:31 COPYRIGHT -> /slash-root/master-jail/COPYRIGHT
  lrwxrwxr-x   1 root  wheel    27 Mar  5 14:31 bin -> /slash-root/master-jail/bin
  lrwxrwxr-x   1 root  wheel    28 Mar  5 14:31 boot -> /slash-root/master-jail/boot
  drwxr-xr-x  13 root  wheel   512 Mar  5 14:31 client
  drwxr-xr-x   3 root  wheel  1536 Mar  6 09:36 dev
  drwxr-xr-x  11 root  wheel  1536 Mar  6 13:52 etc
  lrwxrwxr-x   1 root  wheel     9 Mar  5 14:31 kernel -> /dev/null
  drwxr-xr-x   2 root  wheel   512 Mar  5 14:31 mnt
  lrwxrwxr-x   1 root  wheel    31 Mar  5 14:31 modules -> /slash-root/master-jail/modules
  dr-xr-xr-x   1 root  wheel   512 Mar 10 13:10 proc
  drwxr-xr-x   5 root  wheel   512 Mar  6 09:38 root
  lrwxrwxr-x   1 root  wheel    28 Mar  5 14:31 sbin -> /slash-root/master-jail/sbin
  drwxrwxr-x   3 root  wheel   512 Mar  5 14:31 serv
  drwxr-xr-x   4 root  wheel   512 Mar  5 14:31 slash-root
  lrwxrwxr-x   1 root  wheel    15 Mar  5 14:31 sw -> /slash-root/sw/
  lrwxrwxr-x   1 root  wheel    27 Mar  5 14:31 sys -> /slash-root/master-jail/sys
  drwxrwxrwt   3 root  wheel   512 Mar 10 03:01 tmp
  drwxrwxr-x   3 root  wheel   512 Mar  5 14:31 usr
  drwxr-xr-x  20 root  wheel   512 Mar  5 10:24 var
  

  The master-jail is read-only mounted to /slash-root/master-jail with
  mount_null.
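
The user-jail layout described in the message above, as an added example that is not part of the original post and is not Jailmanager code: it builds the symlink skeleton in a scratch directory and audits it for top-level symlinks that point outside the read-only master-jail tree. The function names, the shared/local split (read off the listing) and the audit rule are assumptions; nothing is mounted or jailed.

```shell
#!/bin/sh
# Added example (not Jailmanager code). Names come from the listing above;
# the shared/local split and the audit rule are assumptions.
SHARED=".cshrc .profile COPYRIGHT bin boot modules sbin sys"
LOCAL="client dev etc mnt proc root serv tmp usr var slash-root/master-jail"

# build_user_jail DIR: create per-jail directories, symlink everything else.
build_user_jail() {
    jail=$1
    for d in $LOCAL; do mkdir -p "$jail/$d" || return 1; done
    for name in $SHARED; do
        # Absolute targets: they resolve inside the jail root, where the
        # master-jail is mounted read-only at /slash-root/master-jail.
        ln -s "/slash-root/master-jail/$name" "$jail/$name" || return 1
    done
    ln -s /dev/null "$jail/kernel" && ln -s /slash-root/sw/ "$jail/sw"
}

# audit_user_jail DIR: print top-level symlinks that leave the shared,
# read-only tree; exit status 1 if any were found.
audit_user_jail() {
    jail=$1; bad=0
    for entry in "$jail"/* "$jail"/.[!.]*; do
        [ -L "$entry" ] || continue
        target=$(readlink "$entry")
        case $target in
            */../*|*/..) ok=0 ;;   # no climbing out via ".."
            /slash-root/master-jail/*|/slash-root/sw/*|/dev/null) ok=1 ;;
            *) ok=0 ;;
        esac
        if [ "$ok" -eq 0 ]; then
            echo "${entry##*/} -> $target"; bad=1
        fi
    done
    return "$bad"
}

# Demo in a scratch directory (constructed data, nothing is mounted).
demo=$(mktemp -d)
build_user_jail "$demo/jail1"
ln -s /etc/passwd "$demo/jail1/stray"    # constructed drift
audit_user_jail "$demo/jail1" || echo "drift found"
rm -rf "$demo"
```

A symlink that bypasses the read-only mount is a place where a jail's software can diverge from the central reference without the master-jail update reaching it, which is why the audit flags it.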
 

Re: which dns server to use ?

2003-04-10 Thread Hirling Endre
On Tue, 2003-04-08 at 23:52, Nate Campi wrote:

> I use tinydns for a company that serves over one billion web hits per
> day (not visitors, hits, and no I'm not exaggerating). The authoritative
> nameservers serve between 100 and 300 queries/sec on each of five
> nameservers, for between 50 and 90 million queries answered per day.

How would you use tinydns+dnscache on a machine that has to act as both
authoritative and caching server? It has to serve a LAN with dns proxy
_and_ serve the private zones that are used on the LAN. The private
zones are like ".foo", so dnscache won't know anything about them from
the root servers.

-m-




Re: which dns server to use ?

2003-04-10 Thread mslucas
> On Tue, 2003-04-08 at 23:52, Nate Campi wrote:
>
> > I use tinydns for a company that serves over one billion web hits per
> > day (not visitors, hits, and no I'm not exaggerating). The authoritative
> > nameservers serve between 100 and 300 queries/sec on each of five
> > nameservers, for between 50 and 90 million queries answered per day.
>
> How would you use tinydns+dnscache on a machine that has to act as both
> authoritative and caching server? It has to serve a LAN with dns proxy
> _and_ serve the private zones that are used on the LAN. The private
> zones are like ".foo", so dnscache won't know anything about them from
> the root servers.

Setup dnscache on the private LAN ipaddress
Setup tinydns on 127.0.0.1

echo 127.0.0.1 > /etc/dnscache/root/servers/mydomain.foo

and dnscache will ask the local authoritative server about mydomain.foo

Maurice Lucas
TAOS-IT




Re: [HELP] .htaccess problem

2003-04-10 Thread axacheng
My openldap with auth_ldap is working fine now.

I modified the slapd.conf ACL as follows:

access to *
    by self write
    by dn="cn=authldap,dc=ezplay,dc=tv" read
    by * none

Then I used the IE5.0 browser to view the web page that was restricted by .htaccess.

Thus, clients CAN pass through .htaccess authentication :-)



-- 
Trust & Unique ...