Not sure if this has already made it to the mailing list or not. My
uni email account has started blocking email inbound and outbound to
the freebsd servers. If I have missed anything since the post I am
replying to I would appreciate if it could be forwarded on to me at
this address...thanks :)
Anish Mistry wrote:
On Monday 14 March 2005 10:15 am, Samuel J. Greear wrote:
On Sunday 13 March 2005 14:24, Anish Mistry wrote:
On Sunday 13 March 2005 01:23 pm, Chris Hodgins wrote:
Samuel J. Greear wrote:
Not a bad 'idea' at all, although I won't comment on
semantics. I had something implemented
Anish Mistry wrote:
On Monday 14 March 2005 10:15 am, Samuel J. Greear wrote:
On Sunday 13 March 2005 14:24, Anish Mistry wrote:
On Sunday 13 March 2005 01:23 pm, Chris Hodgins wrote:
Samuel J. Greear wrote:
Not a bad 'idea' at all, although I won't comment on
semantics. I had something implemented
On Monday 14 March 2005 10:15 am, Samuel J. Greear wrote:
> On Sunday 13 March 2005 14:24, Anish Mistry wrote:
> > On Sunday 13 March 2005 01:23 pm, Chris Hodgins wrote:
> > > Samuel J. Greear wrote:
> > > > Not a bad 'idea' at all, although I won't comment on
> > > > semantics. I had something imp
On Sunday 13 March 2005 14:24, Anish Mistry wrote:
> On Sunday 13 March 2005 01:23 pm, Chris Hodgins wrote:
> > Samuel J. Greear wrote:
> > > Not a bad 'idea' at all, although I won't comment on semantics.
> > > I had something implemented using fs stacking (in a very hackish
> > > way, and I belie
Anish Mistry wrote:
On Sunday 13 March 2005 01:23 pm, Chris Hodgins wrote:
Samuel J. Greear wrote:
Not a bad 'idea' at all, although I won't comment on semantics.
I had something implemented using fs stacking (in a very hackish
way, and I believe it's lost now, so don't ask to see it...) to
implem
On Sunday 13 March 2005 01:23 pm, Chris Hodgins wrote:
> Samuel J. Greear wrote:
> > Not a bad 'idea' at all, although I won't comment on semantics.
> > I had something implemented using fs stacking (in a very hackish
> > way, and I believe it's lost now, so don't ask to see it...) to
> > implemen
Samuel J. Greear wrote:
Not a bad 'idea' at all, although I won't comment on semantics. I had
something implemented using fs stacking (in a very hackish way, and I
believe it's lost now, so don't ask to see it...) to implement per-jail
quota's that seemed to work quite well.
Sam
Feel free to com
Not a bad 'idea' at all, although I won't comment on semantics. I had
something implemented using fs stacking (in a very hackish way, and I
believe it's lost now, so don't ask to see it...) to implement per-jail
quota's that seemed to work quite well.
Sam
>
> This might be a very stupid idea b
Denis Shaposhnikov wrote:
"Frank" == Frank Knobbe <[EMAIL PROTECTED]> writes:
Frank> If you nullfs these directories, you loose the ability to
Frank> prune the jail. Pruning is part of system hardening. I'd
May be it's better to use unionfs, so anybody can replace binaries
with their stub versio
> "Frank" == Frank Knobbe <[EMAIL PROTECTED]> writes:
Frank> If you nullfs these directories, you loose the ability to
Frank> prune the jail. Pruning is part of system hardening. I'd
May be it's better to use unionfs, so anybody can replace binaries
with their stub version pre jail.
--
DS
On Mon, 2005-01-31 at 13:29 -0600, [EMAIL PROTECTED] wrote:
> Very nice idea!! This greatly improves jail management on FreeBSD. There
> is a possibility for a minor drawback -- if one can change a system binary
> in the host system, them all jails are compromised -- but assuming one
> would need r
I missed the beginning of the thread, but I thought I would point out
the rough script (mknulljail.sh) I wrote awhile back that uses nullfs.
I also have a update script (fbinst.sh) for FreeBSD that handles jails.
http://www.farley.org/?page=software
mknulljail.sh is getting old and can be used for
On Tue, Feb 01, 2005 at 01:31:11PM -0800, Justin Hopper wrote:
+> > I've made some fixes a week or something
+> > ago, I just created a patch against HEAD if you want to try it:
+> >
+> >http://people.freebsd.org/~pjd/patches/jail_2005020101.patch
+> >
+> > There can still be some remaining
On Tue, 2005-02-01 at 11:40 +0100, Pawel Jakub Dawidek wrote:
> On Mon, Jan 31, 2005 at 11:13:04PM -0800, Justin Hopper wrote:
> +> We are considering open sourcing all of our stuff, to contribute back
> +> what we can to the OS that allowed us to build our entire company. I'd
> +> really like to
In my opinion, FreeBSD is currently behind in virtual server
implementations for a few reasons;
It does not support multiple IPs in jails. Sure, there are patches, but
the one here doesn't compile on 5.3-STABLE, for example. Support
integrated into the base system would be neat. It would also be n
I have attached an "alpha" patch in attachment that implements skeljail,
which includes an "installskel" target to install a (hmm... as many as
you wish and your hard disk allows) skeleton after buildworld.
In order to make use it, follow the following procedure:
0. make buildworld is a prerequis
On Wed, 2 Feb 2005, Xin LI wrote:
在 2005-02-01二的 11:40 +0100,Pawel Jakub Dawidek写道:
The thing that can be useful IMHO is possibility to use
reboot(8)/shutdown(8), etc. inside a jail, but...
I'm unfortunately too busy with other (probably less interesting, but
profitable) projects.
Quick question:
On Wed, Feb 02, 2005 at 12:52:17AM +0800, Xin LI wrote:
+> ??? 2005-02-01?? 11:40 +0100???Pawel Jakub Dawidek?
+> > The thing that can be useful IMHO is possibility to use
+> > reboot(8)/shutdown(8), etc. inside a jail, but...
+> > I'm unfortunately too busy with other (probably less in
å 2005-02-01äç 11:40 +0100ïPawel Jakub Dawidekåéï
> The thing that can be useful IMHO is possibility to use
> reboot(8)/shutdown(8), etc. inside a jail, but...
> I'm unfortunately too busy with other (probably less interesting, but
> profitable) projects.
Quick question: Is this mean we can have
On Mon, 31 Jan 2005, Xin LI wrote:
> What I am going to proposal is a concept that I call it "skeleton jail",
> or "skeljail" for short. A skel jail is something that shares most base
> system binaries/libraries with the host, through read-only mount_null's.
Please post your scripts :-) We rec
On Mon, Jan 31, 2005 at 11:13:04PM -0800, Justin Hopper wrote:
+> We are considering open sourcing all of our stuff, to contribute back
+> what we can to the OS that allowed us to build our entire company. I'd
+> really like to see what others have done to make jails more manageable,
+> as it seem
Dear Xin,
On Mon, 31 Jan 2005, Xin LI wrote:
XL> What I am going to proposal is a concept that I call it "skeleton jail",
XL> or "skeljail" for short. A skel jail is something that shares most base
XL> system binaries/libraries with the host, through read-only mount_null's.
[snip]
XL> I have s
> I'm curious if your idea for jails extends to running 50+ jails on a box
> or not? I'd definitely be interested in any feedback you have on what
> problems may or may not be encountered with so many mounts and also the
> stability of nullfs nowadays.
PHK has just made a call for unionfs and nul
On Mon, 2005-01-31 at 21:39 +0800, Xin LI wrote:
> Dear folks,
>
> The recent discussion about whether we should have the perl port to
> touch/install /usr/bin/perl. While I'm not interested in joining the
> discussion, it inspired me that we can make use of the fact that ports
> should not insta
On Mon, Jan 31, 2005 at 01:29:24PM -0600, [EMAIL PROTECTED] wrote:
> Very nice idea!! This greatly improves jail management on FreeBSD. There
> is a possibility for a minor drawback -- if one can change a system binary
> in the host system, them all jails are compromised -- but assuming one
> woul
Very nice idea!! This greatly improves jail management on FreeBSD. There
is a possibility for a minor drawback -- if one can change a system binary
in the host system, them all jails are compromised -- but assuming one
would need root access on the host to change the binary, he would have
power to
å 2005-01-31äç 17:10 +0100ïJeremie Le Henåéï
> On Mon, Jan 31, 2005 at 09:39:52PM +0800, Xin LI wrote
[snip]
> Why don't you simply call the target "installjail" instead of
> "installskel" ?
I'd admit that I have chosen the name just by chance. I prefer
installskel over installjail since I think
On Mon, Jan 31, 2005 at 09:39:52PM +0800, Xin LI wrote:
> Dear folks,
>
> The recent discussion about whether we should have the perl port to
> touch/install /usr/bin/perl. While I'm not interested in joining the
> discussion, it inspired me that we can make use of the fact that ports
> should no
29 matches
Mail list logo
