Not sure if this has already made it to the mailing list or not. My
uni email account has started blocking email inbound and outbound to
the freebsd servers. If I have missed anything since the post I am
replying to I would appreciate if it could be forwarded on to me at
this address...thanks :)
Anish Mistry wrote:
On Monday 14 March 2005 10:15 am, Samuel J. Greear wrote:
On Sunday 13 March 2005 14:24, Anish Mistry wrote:
On Sunday 13 March 2005 01:23 pm, Chris Hodgins wrote:
Samuel J. Greear wrote:
Not a bad 'idea' at all, although I won't comment on
semantics. I had something implemented
Anish Mistry wrote:
On Monday 14 March 2005 10:15 am, Samuel J. Greear wrote:
On Sunday 13 March 2005 14:24, Anish Mistry wrote:
On Sunday 13 March 2005 01:23 pm, Chris Hodgins wrote:
Samuel J. Greear wrote:
Not a bad 'idea' at all, although I won't comment on
semantics. I had something implemented
On Monday 14 March 2005 10:15 am, Samuel J. Greear wrote:
> On Sunday 13 March 2005 14:24, Anish Mistry wrote:
> > On Sunday 13 March 2005 01:23 pm, Chris Hodgins wrote:
> > > Samuel J. Greear wrote:
> > > > Not a bad 'idea' at all, although I won't comment on
> > > > semantics. I had something imp
On Sunday 13 March 2005 14:24, Anish Mistry wrote:
> On Sunday 13 March 2005 01:23 pm, Chris Hodgins wrote:
> > Samuel J. Greear wrote:
> > > Not a bad 'idea' at all, although I won't comment on semantics.
> > > I had something implemented using fs stacking (in a very hackish
> > > way, and I belie
Anish Mistry wrote:
On Sunday 13 March 2005 01:23 pm, Chris Hodgins wrote:
Samuel J. Greear wrote:
Not a bad 'idea' at all, although I won't comment on semantics.
I had something implemented using fs stacking (in a very hackish
way, and I believe it's lost now, so don't ask to see it...) to
implem
On Sunday 13 March 2005 01:23 pm, Chris Hodgins wrote:
> Samuel J. Greear wrote:
> > Not a bad 'idea' at all, although I won't comment on semantics.
> > I had something implemented using fs stacking (in a very hackish
> > way, and I believe it's lost now, so don't ask to see it...) to
> > implemen
Samuel J. Greear wrote:
Not a bad 'idea' at all, although I won't comment on semantics. I had
something implemented using fs stacking (in a very hackish way, and I
believe it's lost now, so don't ask to see it...) to implement per-jail
quota's that seemed to work quite well.
Sam
Feel free to com
Not a bad 'idea' at all, although I won't comment on semantics. I had
something implemented using fs stacking (in a very hackish way, and I
believe it's lost now, so don't ask to see it...) to implement per-jail
quota's that seemed to work quite well.
Sam
>
> This might be a very stupid idea b
Denis Shaposhnikov wrote:
"Frank" == Frank Knobbe <[EMAIL PROTECTED]> writes:
Frank> If you nullfs these directories, you loose the ability to
Frank> prune the jail. Pruning is part of system hardening. I'd
May be it's better to use unionfs, so anybody can replace binaries
with their stub versio
> "Frank" == Frank Knobbe <[EMAIL PROTECTED]> writes:
Frank> If you nullfs these directories, you loose the ability to
Frank> prune the jail. Pruning is part of system hardening. I'd
May be it's better to use unionfs, so anybody can replace binaries
with their stub version pre jail.
--
DS
On Mon, 2005-01-31 at 13:29 -0600, [EMAIL PROTECTED] wrote:
> Very nice idea!! This greatly improves jail management on FreeBSD. There
> is a possibility for a minor drawback -- if one can change a system binary
> in the host system, them all jails are compromised -- but assuming one
> would need r
I missed the beginning of the thread, but I thought I would point out
the rough script (mknulljail.sh) I wrote awhile back that uses nullfs.
I also have a update script (fbinst.sh) for FreeBSD that handles jails.
http://www.farley.org/?page=software
mknulljail.sh is getting old and can be used for
On Tue, Feb 01, 2005 at 01:31:11PM -0800, Justin Hopper wrote:
+> > I've made some fixes a week or something
+> > ago, I just created a patch against HEAD if you want to try it:
+> >
+> >http://people.freebsd.org/~pjd/patches/jail_2005020101.patch
+> >
+> > There can still be some remaining
On Tue, 2005-02-01 at 11:40 +0100, Pawel Jakub Dawidek wrote:
> On Mon, Jan 31, 2005 at 11:13:04PM -0800, Justin Hopper wrote:
> +> We are considering open sourcing all of our stuff, to contribute back
> +> what we can to the OS that allowed us to build our entire company. I'd
> +> really like to
In my opinion, FreeBSD is currently behind in virtual server
implementations for a few reasons;
It does not support multiple IPs in jails. Sure, there are patches, but
the one here doesn't compile on 5.3-STABLE, for example. Support
integrated into the base system would be neat. It would also be n
I have attached an "alpha" patch in attachment that implements skeljail,
which includes an "installskel" target to install a (hmm... as many as
you wish and your hard disk allows) skeleton after buildworld.
In order to make use it, follow the following procedure:
0. make buildworld is a prerequis
On Wed, 2 Feb 2005, Xin LI wrote:
在 2005-02-01二的 11:40 +0100,Pawel Jakub Dawidek写道:
The thing that can be useful IMHO is possibility to use
reboot(8)/shutdown(8), etc. inside a jail, but...
I'm unfortunately too busy with other (probably less interesting, but
profitable) projects.
Quick question:
On Wed, Feb 02, 2005 at 12:52:17AM +0800, Xin LI wrote:
+> ??? 2005-02-01?? 11:40 +0100???Pawel Jakub Dawidek?
+> > The thing that can be useful IMHO is possibility to use
+> > reboot(8)/shutdown(8), etc. inside a jail, but...
+> > I'm unfortunately too busy with other (probably less in
å 2005-02-01äç 11:40 +0100ïPawel Jakub Dawidekåéï
> The thing that can be useful IMHO is possibility to use
> reboot(8)/shutdown(8), etc. inside a jail, but...
> I'm unfortunately too busy with other (probably less interesting, but
> profitable) projects.
Quick question: Is this mean we can have
On Mon, 31 Jan 2005, Xin LI wrote:
> What I am going to proposal is a concept that I call it "skeleton jail",
> or "skeljail" for short. A skel jail is something that shares most base
> system binaries/libraries with the host, through read-only mount_null's.
Please post your scripts :-) We rec
On Mon, Jan 31, 2005 at 11:13:04PM -0800, Justin Hopper wrote:
+> We are considering open sourcing all of our stuff, to contribute back
+> what we can to the OS that allowed us to build our entire company. I'd
+> really like to see what others have done to make jails more manageable,
+> as it seem
Dear Xin,
On Mon, 31 Jan 2005, Xin LI wrote:
XL> What I am going to proposal is a concept that I call it "skeleton jail",
XL> or "skeljail" for short. A skel jail is something that shares most base
XL> system binaries/libraries with the host, through read-only mount_null's.
[snip]
XL> I have s
> I'm curious if your idea for jails extends to running 50+ jails on a box
> or not? I'd definitely be interested in any feedback you have on what
> problems may or may not be encountered with so many mounts and also the
> stability of nullfs nowadays.
PHK has just made a call for unionfs and nul
On Mon, 2005-01-31 at 21:39 +0800, Xin LI wrote:
> Dear folks,
>
> The recent discussion about whether we should have the perl port to
> touch/install /usr/bin/perl. While I'm not interested in joining the
> discussion, it inspired me that we can make use of the fact that ports
> should not insta
On Mon, Jan 31, 2005 at 01:29:24PM -0600, [EMAIL PROTECTED] wrote:
> Very nice idea!! This greatly improves jail management on FreeBSD. There
> is a possibility for a minor drawback -- if one can change a system binary
> in the host system, them all jails are compromised -- but assuming one
> woul
Very nice idea!! This greatly improves jail management on FreeBSD. There
is a possibility for a minor drawback -- if one can change a system binary
in the host system, them all jails are compromised -- but assuming one
would need root access on the host to change the binary, he would have
power to
å 2005-01-31äç 17:10 +0100ïJeremie Le Henåéï
> On Mon, Jan 31, 2005 at 09:39:52PM +0800, Xin LI wrote
[snip]
> Why don't you simply call the target "installjail" instead of
> "installskel" ?
I'd admit that I have chosen the name just by chance. I prefer
installskel over installjail since I think
On Mon, Jan 31, 2005 at 09:39:52PM +0800, Xin LI wrote:
> Dear folks,
>
> The recent discussion about whether we should have the perl port to
> touch/install /usr/bin/perl. While I'm not interested in joining the
> discussion, it inspired me that we can make use of the fact that ports
> should no
Dear folks,
The recent discussion about whether we should have the perl port to
touch/install /usr/bin/perl. While I'm not interested in joining the
discussion, it inspired me that we can make use of the fact that ports
should not install things to "system" area and take advantage from it.
Finall
30 matches
Mail list logo
