Re: Opening of /dev/pts/3 fails in jail (no such file), but it is visible in ls

2023-09-22 Thread Alexander Leidinger
On 2023-09-22 14:02, Konstantin Belousov wrote: On Fri, Sep 22, 2023 at 01:44:33PM +0200, Alexander Leidinger wrote: Hi, I'm trying to debug an issue with pinentry-tty. The reason is that I want to export a gpg secret key, but it fails when the gpg-agent tries to ask for the P

Opening of /dev/pts/3 fails in jail (no such file), but it is visible in ls

2023-09-22 Thread Alexander Leidinger
Hi, I'm trying to debug an issue with pinentry-tty. The reason is that I want to export a gpg secret key, but it fails when the gpg-agent tries to ask for the PW. An alternative way to export the key works, but the main way should work too. So I took the time now to dig deeper. This is inside

Re: What's going on with vnets and epairs w/ addresses?

2022-12-13 Thread Alexander Leidinger
Quoting "Bjoern A. Zeeb" (from Tue, 13 Dec 2022 23:03:42 + (UTC)): Hi, I have used scripts like the below for almost a decade and a half (obviously doing more than that in the middle). I haven't used them much lately but given other questions I just wanted to fire up a test. I have a

Re: Auto-jailing of services - 2nd implementation

2022-05-16 Thread Alexander Leidinger
Quoting FreeBSD User (from Sun, 15 May 2022 12:49:06 +0200): On Sun, 03 Apr 2022 21:48:42 +0200 Alexander Leidinger wrote: Hi, attached is a new implementation of service jails (auto-jailing of services). This one now supports rc command prefixes (e.g. onestart) and I tested it in nested

Auto-jailing of services - 2nd implementation

2022-04-03 Thread Alexander Leidinger
Hi, attached is a new implementation of service jails (auto-jailing of services). This one now supports rc command prefixes (e.g. onestart) and I tested it in nested jails. The benefit of auto-jailing services is, that you can apply some restrictions to services (and what other processes

Re: injecting vars into rc-service-scripts at jail-start?

2022-04-01 Thread Alexander Leidinger
Quoting Jens Schweikhardt (from Fri, 1 Apr 2022 14:26:27 +0200 (CEST)): Identifier confusion? You use _rc_svcs and _rc_svcj in your description. Typo s/svcs/svcj/ in the explanation. The diff/code has the vars correct (svcj) and the conditional and the setting are close to each other

injecting vars into rc-service-scripts at jail-start?

2022-04-01 Thread Alexander Leidinger
Hi, I'm overlooking something fundamental it seems... Context: I'm working on my auto-jailing of services idea: if the auto-jail is enabled, a service like syslog is started inside a jail (which inherits the FS and depending on some settings also inherits network and other stuff or not).

FYI: OCI-compatible runtime for FreeBSD jails

2021-03-18 Thread Alexander Leidinger via freebsd-jail
Hi, it seems someone is working on an OCI-compatible runtime for jails: https://github.com/samuelkarp/runj I stumbled over this and thought maybe someone here is interested enough to help the author... Bye, Alexander. -- http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F27

Re: /etc/jail.d (or jail.conf.d)

2020-12-10 Thread Alexander Leidinger via freebsd-jail
Quoting Kyle Evans (from Thu, 10 Dec 2020 12:44:27 -0600): Currently it adds an /etc/jail.d, but the point was raised that we have a mixture of these with different naming conventions and that /etc/jail.conf.d may be better -- I'm inclined to agree since I would prefer jail.conf.d. Also,

Re: vnet jail for local only or public access

2020-07-20 Thread Alexander Leidinger via freebsd-jail
Quoting Ernie Luzar (from Fri, 17 Jul 2020 16:31:53 -0400): Alexander Leidinger wrote: Quoting Ernie Luzar (from Fri, 17 Jul 2020 08:46:07 -0400): Trying to figure out how to configure a vnet jail so it is restricted to only being able to talk to other vnet jails on the same host IE

Re: vnet jail for local only or public access

2020-07-17 Thread Alexander Leidinger via freebsd-jail
Quoting Ernie Luzar (from Fri, 17 Jul 2020 08:46:07 -0400): Trying to figure out how to configure a vnet jail so it is restricted to only being able to talk to other vnet jails on the same host IE: local only vnet jails. As different to being able to access the public internet type of vn

Re: FreeBSD 12.1, vnet jail, and internet access

2020-07-01 Thread Alexander Leidinger via freebsd-jail
Quoting Dan Langille (from Tue, 30 Jun 2020 21:02:24 -0400): On Tue, Jun 30, 2020, at 8:30 PM, Ernie Luzar wrote: I think I have determined what you're talking about. All the vnet literature talks about a vnet jail having its own separate ip stack. I interpreted this to mean that the vnet ja

Re: Running GUI applications in jails

2020-06-08 Thread Alexander Leidinger via freebsd-jail
Quoting squiggly foo (from Mon, 08 Jun 2020 21:35:23 -0500): Hi Alexander, You seem to have a lot of experience with X11 so I'm happy to hear your advice. To answer your first question about where the graphical output needs to happen: I am not sure I am understanding your question, but

Re: Running GUI applications in jails

2020-06-06 Thread Alexander Leidinger via freebsd-jail
Quoting squiggly foo (from Fri, 05 Jun 2020 15:10:05 -0500): Thanks to Dave for pointing out that my HTML message was stripped. I am trying this again. Hi All, I'm using FreeBSD as a workstation trying to keep everything as lightweight and segregated as possible. So I am running GUI app

panic on epair destroy in current as of r349853, jail related

2019-07-09 Thread Alexander Leidinger via freebsd-jail
Hi, I updated from r347365 to r349853. Now I get a panic on epair destroy (one end needs to be in a jail, and inside the jail an IP address needs to be assigned to the epair. If no ifconfig is used inside the jail, there is no panic. Another user reported something similar (but for him it

Re: Proposal: automatic jailing of services (rc.d/*) [patch]

2019-02-25 Thread Alexander Leidinger via freebsd-jail
http://www.leidinger.net/FreeBSD/current-patches/rc_svc_jails.diff -- Sent from a mobile device, please forgive brevity and misspellings. On 24 February 2019 at 9:48:19 PM, Miroslav Lachman <000.f...@quip.cz> wrote: Alexander Leidinger via freebsd-jail wrote on 2019/02/24

Proposal: automatic jailing of services (rc.d/*) [patch]

2019-02-24 Thread Alexander Leidinger via freebsd-jail
Hi, Thanks to MWL for his upcoming jail book, it inspired me to come up with this. Note, I'm not subscribed to freebsd-rc, please keep at least jail@ in copy (I'm subscribed there). I propose to extend the rc system to automatically jail services in a light sense (off by default, can be en

Re: enforce_statfs showing leading path

2019-01-09 Thread Alexander Leidinger via freebsd-jail
Hi. You see the dataset name of zfs without stripping. The mount point is correctly stripped. I don't remember how this looks on ufs. With jailed datasets we would need more than just some code to remove parts of the name. So it's a doc bug (clarity about mount points and dataset names) and

Re: does anyone use these any more?

2018-09-14 Thread Alexander Leidinger
Quoting Oleg Ginzburg (from Thu, 13 Sep 2018 18:45:51 +0300): With persist mode, CBSD created jail in follow scenario: 1) jail -c (create jail) in persist mode ( with empty exec.start script ) 2) exec inside jail something (zfs attach, /sbin/ifconfig ... ), what you need to do before launch

Re: Implement FreeBSD runc with the help of Jail

2017-07-10 Thread Alexander Leidinger
Quoting Hongjiang Zhang via freebsd-jail (from Fri, 7 Jul 2017 02:05:52 +): Hi, all Recently, I explored the possibility to implement a FreeBSD runtime (based on Jail) for opencontainers/runc. I have an experimental implementation of FreeBSD runc, which supports some of runc commands

Re: IP address assignments to jails using ezjail

2016-12-24 Thread Alexander Leidinger
Quoting "James B. Byrne via freebsd-jail" (from Fri, 23 Dec 2016 09:33:17 -0500): I am experimenting with jails on a bhyve vm guest running FBSD-11.0 using ezjail. I am having a problem with network connections to the outside from within the jail. I have sshd configured and I can reach the

Re: ZFS and Jail :: nullfs mount :: nothing visible from host :: solved [partial]

2016-12-19 Thread Alexander Leidinger
Quoting Miroslav Lachman <000.f...@quip.cz> (from Mon, 19 Dec 2016 18:57:39 +0100): Alexander Leidinger wrote on 2016/12/19 17:56: Quoting Miroslav Lachman <000.f...@quip.cz> (from Sun, 18 Dec 2016 13:20:31 +0100): Alexander Leidinger wrote on 2016/12/17 19:59: Quoting SK (

Re: ZFS and Jail :: nullfs mount :: nothing visible from host :: solved [partial]

2016-12-19 Thread Alexander Leidinger
Quoting Miroslav Lachman <000.f...@quip.cz> (from Sun, 18 Dec 2016 13:20:31 +0100): Alexander Leidinger wrote on 2016/12/17 19:59: Quoting SK (from Fri, 16 Dec 2016 14:02:20 +): If I understand you correctly, what you are suggesting is, the dataset used by the jail itself f

Re: ZFS and Jail :: nullfs mount :: nothing visible from host :: solved [partial]

2016-12-17 Thread Alexander Leidinger
Quoting SK (from Fri, 16 Dec 2016 14:02:20 +): On 16/12/2016 13:15, Alexander Leidinger wrote: For one of the filesystems I have set "zfs allow" permissions, but just that a specific user in the jail can do something on those FS without the need to switch to root. So as l

Re: ZFS and Jail :: nullfs mount :: nothing visible from host :: solved [partial]

2016-12-16 Thread Alexander Leidinger
Quoting SK (from Mon, 12 Dec 2016 17:13:27 +): b) Alexander, I am still not able to do snapshot or any other action from within my jail. My understanding is that you are using ezjail, which might be doing something that my regular jail creation is omitting. If you do not mind sharing

Re: ZFS and Jail :: nullfs mount :: nothing visible from host

2016-12-09 Thread Alexander Leidinger
Quoting SK (from Thu, 8 Dec 2016 19:13:15 +): @Alexander : I checked out your link. It is interesting, but you are using ezjail which I am trying to avoid. I have nothing against it, but I think making it working without too many additional layer of obfuscation will help me learn it be

Re: ZFS and Jail :: nullfs mount :: nothing visible from host

2016-12-08 Thread Alexander Leidinger
Quoting SK (from Thu, 8 Dec 2016 16:41:29 +): Thank you for your response. I tried setting it up like that (use zfs set jailed=on), and that did not work. I could not even run zfs from within the jail. Maybe I did something wrong -- so I am setting up a test box where I can try them al

Re: timerfd in FreeBSD jail?

2016-09-07 Thread Alexander Leidinger
Quoting "Martin \"eto\" Misuth" (from Tue, 6 Sep 2016 16:07:31 +0200): On Tue, 6 Sep 2016 13:19:13 + Grzegorz Junka wrote: How would I know that this is not implemented in the linux emulation layer rather than disabled on the host? I would be interested in resource documenting emulat

Re: testing 11.0-RC1 vnet jails with ipfilter

2016-08-17 Thread Alexander Leidinger
Quoting CyberLeo Kitsana (from Tue, 16 Aug 2016 16:08:42 -0500): Issuing "ipfstat -hnio command from within the vnet jail gives this message, open(IPSTATE_NAME):no such file or directory. ipfstat(8) also lists /dev/kmem ; I suspect that including this may be a bad idea. kmem will give acc

Re: Additional devfs rulesets

2014-07-26 Thread Alexander Leidinger
On Thu, 24 Jul 2014 10:07:52 -0600 (MDT) Warren Block wrote: > devfsrules_jail is defined in /etc/defaults/devfs.rules, but a new > ruleset is needed to unhide bpf devices for using check_dhcp in a > jail. > > It seems clunky to define the new ruleset in /etc/devfs.rules on the > host. Is the

Re: ezjail and UPDATING20131010

2013-10-11 Thread Alexander Leidinger
On Fri, 11 Oct 2013 15:42:11 -0500 Mark Felder wrote: > On Fri, Oct 11, 2013, at 14:30, Dirk Engling wrote: > > On 11.10.13 21:27, wishmaster wrote: > > > > > Yeah!? But do you think updating python in each jail this is the > > > right solution? Freebsd-update in each jail?? What about when > >

Re: Exposing a hierarchy of ZFS datasets inside multiple jails

2011-06-18 Thread Alexander Leidinger
On Fri, 17 Jun 2011 14:46:59 -0400 Lars Kellogg-Stedman wrote: > Hello all, > > Hi there, > > I am trying to expose a hierarchy of home directories to a number of > FreeBSD jails. The home directories are configured such that each is a > unique ZFS dataset. The jails are used for development wo

Re: NFS export of directory in jail

2011-06-08 Thread Alexander Leidinger
Quoting Aaron Weeden (from Mon, 6 Jun 2011 16:11:45 -0400): I am wondering if a parent can export NFS from a mount point inside of a jail running on that host. More specifically, here is the scenario: The parent, murphy, is FreeBSD 8.2-STABLE, running ezjail version 3.0. A jail, positron,

Re: Fwd: X11 in a jail (was: Re: NFS mount inside jail fails)

2011-05-27 Thread Alexander Leidinger
Quoting Alexander Leidinger (from Fri, 27 May 2011 09:43:08 +0200): Quoting Doug Ambrisko (from Thu, 26 May 2011 10:36:24 -0700 (PDT)): Alexander Leidinger writes: | Just to make sure we talk about the same things: | Did you configure the X server to use 3D (dri and glx in the

Re: Fwd: X11 in a jail (was: Re: NFS mount inside jail fails)

2011-05-27 Thread Alexander Leidinger
Quoting Doug Ambrisko (from Thu, 26 May 2011 10:36:24 -0700 (PDT)): Alexander Leidinger writes: | Just to make sure we talk about the same things: | Did you configure the X server to use 3D (dri and glx in the modules | section, dri section in the X11 config, dri device visible in devfs

Fwd: X11 in a jail (was: Re: NFS mount inside jail fails)

2011-05-26 Thread Alexander Leidinger
Ooops, s/jails@/jail@/ ... Quoting Doug Ambrisko (from Wed, 25 May 2011 09:42:20 -0700 (PDT)): CCing jails@ Alexander Leidinger writes: | Quoting Doug Ambrisko (from Thu, 19 May 2011 | 14:38:40 -0700 (PDT)): | | > Alexander Leidinger writes: | > | On Thu, 19 May 2011 10:24:59 -070

Re: Thoughts on jail.config

2010-06-29 Thread Alexander Leidinger
Quoting James O'Gorman (from Mon, 28 Jun 2010 23:40:21 +0100): On 28 Jun 2010, at 16:38, Jamie Gritton wrote: On 06/28/10 08:41, Rodrigo Mosconi wrote: An idea: if it works like a "jaild"? A daemon management the start-up, shutdown, console redirection? All the admins task could be done

Re: Thoughts on jail.config

2010-06-28 Thread Alexander Leidinger
Quoting Jamie Gritton (from Thu, 24 Jun 2010 10:30:42 -0600): On 06/24/10 06:43, Alexander Leidinger wrote: On Wed, 23 Jun 2010 13:48:28 -0600 Jamie Gritton wrote: The rc system is becoming increasingly unable to handle the newer jail features. We've held off patching /etc/rc.d/jai

Re: Thoughts on jail.config

2010-06-24 Thread Alexander Leidinger
On Wed, 23 Jun 2010 13:48:28 -0600 Jamie Gritton wrote: > The rc system is becoming increasingly unable to handle the newer jail > features. We've held off patching /etc/rc.d/jail for new parameters, > with the promise of something better. Here's my outline of what I > hope will be in fact bet

RE: Strange things happening with jails?? Not starting up on boot or services not running inside!

2010-06-04 Thread Alexander Leidinger
Quoting Andrew Hotlab (from Thu, 3 Jun 2010 22:04:44 +): I've never had to make Squid listening on port 80, but referring its startup script in /usr/local/etc/rc.d/: # squid_user: The user id that should be used to run the Squid master # process. Default: squid. #

Re: starting jails in the background & dependencies

2010-03-05 Thread Alexander Leidinger
On Tue, 5 Jan 2010 11:24:47 +0100 Alexander Leidinger wrote: > On Mon, 07 Dec 2009 08:03:53 +0100 Alexander Leidinger > wrote: > > > Hi, > > > > now that jails are started in the background (which is good, to > > I just realized yesterday that it also stops

Re: linux-only jail possible?

2010-03-04 Thread Alexander Leidinger
On Wed, 3 Mar 2010 19:06:36 +0100 Roman Divacky wrote: > On Wed, Mar 03, 2010 at 11:59:49AM -0500, John Nielsen wrote: > > On Wednesday 03 March 2010 03:00:50 Roman Divacky wrote: > > > I successfully ran chroot of linux environment on freebsd back in > > > 2007/2008. I firmly believe jail should

Re: Importing jails from 7.0, 7.2 to 8.0.

2010-02-09 Thread Alexander Leidinger
On Mon, 8 Feb 2010 11:29:41 -0800 Jose Amengual M wrote: > My question is : > > Do I need to reinstall portupgrade and reinstall all ports ? > > Did I do the proper export and import process ? > > The jail where running on 7.0 and the basejail dir was from 7.0, now > is from 8.0 and I understa

Re: starting jails in the background & dependencies

2010-01-25 Thread Alexander Leidinger
Quoting Remko Lodder (from Mon, 25 Jan 2010 07:44:10 +0100): Note that I haven't tested it, but I don't see any errors in the patch. ---snip--- -- Simon L. Nielsen Snipping a whole lot of data... Thanks Simon, I will try to get to that as soon as possible, Alexander: please feel

Re: starting jails in the background & dependencies

2010-01-14 Thread Alexander Leidinger
Quoting Miroslav Lachman <000.f...@quip.cz> (from Tue, 05 Jan 2010 11:45:34 +0100): Alexander Leidinger wrote: On Mon, 07 Dec 2009 08:03:53 +0100 Alexander Leidinger wrote: Hi, now that jails are started in the background (which is good, to I just realized yesterday that it also

Re: starting jails in the background & dependencies

2010-01-14 Thread Alexander Leidinger
Quoting Remko Lodder (from Tue, 5 Jan 2010 11:35:48 +0100): On Tue, January 5, 2010 11:24 am, Alexander Leidinger wrote: On Mon, 07 Dec 2009 08:03:53 +0100 Alexander Leidinger wrote: Hi, now that jails are started in the background (which is good, to I just realized yesterday that it

Re: starting jails in the background & dependencies

2010-01-05 Thread Alexander Leidinger
On Mon, 07 Dec 2009 08:03:53 +0100 Alexander Leidinger wrote: > Hi, > > now that jails are started in the background (which is good, to I just realized yesterday that it also stops in parallel (in the background). This is bad. It may be the case that a jail is not fully stopped v

Re: ezjail with vimage

2009-12-07 Thread Alexander Leidinger
Quoting Miroslav Lachman <000.f...@quip.cz> (from Mon, 07 Dec 2009 13:27:31 +0100): Alexander Leidinger wrote: Quoting Alexander Petrovsky (from Mon, 7 Dec 2009 17:04:04 +0800): Hello! I want merge all my jails (ezjail framework) working under freebsd 7.2 to freebsd 8.0 with s

Re: ezjail with vimage

2009-12-07 Thread Alexander Leidinger
Quoting Alexander Petrovsky (from Mon, 7 Dec 2009 17:04:04 +0800): Hello! I want merge all my jails (ezjail framework) working under freebsd 7.2 to freebsd 8.0 with support vimage. Ezjail don't support jail_NAME_flags="" http://www.leidinger.net/FreeBSD/current-patches/jail.diff Take only t

starting jails in the background & dependencies

2009-12-06 Thread Alexander Leidinger
Hi, now that jails are started in the background (which is good, to prevent that a broken jail causes a good jail not to start), I have the problem how to express dependencies. Scenario: - several jails on the same machine (via ezjail) - one jail depends on the services of another jail, e.

Re: xorg in jail

2009-10-11 Thread Alexander Leidinger
-i tightvncserver" and when it aborted you can have a look with kdump|less what it tries to do. Bye, Alexander. > Thank you, > regards > > On Oct 9, 2009, at 10:45 AM, Alexander Leidinger wrote: > > > Quoting hulibyaka hulibyaka (from Thu, 8 Oct > > 2009 22:01:23 +

Re: xorg in jail

2009-10-09 Thread Alexander Leidinger
Quoting hulibyaka hulibyaka (from Thu, 8 Oct 2009 22:01:23 +0400): What the difference for restriction on /dev/io between chroot and jail? How can i get all needed by xinit privileges on /dev/io within jail ? There are additional access restrictions in the kernel when run in a jail. You

Re: Best practice to update jails

2009-08-22 Thread Alexander Leidinger
On Thu, 20 Aug 2009 11:50:49 -0700 Jose Amengual wrote: > The server is now 7.0 and was wondering what is the best practice to > maintain security patches and kernel updates and I came out with the > following idea : > > 1.- freebsd-update fetch install ( host system) > 2.- rebuild kernel (

Re: Multicast in jail?

2009-07-07 Thread Alexander Leidinger
Quoting "Bjoern A. Zeeb" (from Tue, 7 Jul 2009 11:08:46 + (UTC)): Alternatively I wouldn't wonder if enabling raw sockets would give Didn't work for me. what you want or you'll wait for virtualization to be ready. As _I_ don't need it on -stable: it's what I'm waiting for. Bye, Ale

Re: Multicast in jail?

2009-07-07 Thread Alexander Leidinger
Quoting Bill Marquette (from Mon, 6 Jul 2009 20:14:02 -0500 (CDT)): I'm trying to run Avahi in a jail, much the same as Alexander Leidinger in this email from late last year http://www.mail-archive.com/freebsd-jail@freebsd.org/msg00587.html. I couldn't find any replies to t

Re: Switching /etc/rc.d/jail to new syntax (+ new features)

2009-07-03 Thread Alexander Leidinger
Quoting Jamie Gritton (from Mon, 29 Jun 2009 11:30:49 -0600): Alexander Leidinger wrote: at http://www.leidinger.net/FreeBSD/current-patches/jail.diff I have a patch to switch the jail rc script to the new jail (8-current) syntax. This includes new config options for a jail (see etc

Re: Switching /etc/rc.d/jail to new syntax (+ new features)

2009-06-27 Thread Alexander Leidinger
On Sat, 27 Jun 2009 12:21:09 + (UTC) "Bjoern A. Zeeb" wrote: > On Sat, 27 Jun 2009, Alexander Leidinger wrote: > > > On Sat, 27 Jun 2009 10:47:47 + (UTC) "Bjoern A. Zeeb" > > wrote: > > > > > >> On Sat, 27 Jun 2009, Alexan

Re: Switching /etc/rc.d/jail to new syntax (+ new features)

2009-06-27 Thread Alexander Leidinger
On Sat, 27 Jun 2009 10:47:47 + (UTC) "Bjoern A. Zeeb" wrote: > On Sat, 27 Jun 2009, Alexander Leidinger wrote: > > > at http://www.leidinger.net/FreeBSD/current-patches/jail.diff I > > have a patch to switch the jail rc script to the new jail > > (8-

Switching /etc/rc.d/jail to new syntax (+ new features)

2009-06-27 Thread Alexander Leidinger
Hi, at http://www.leidinger.net/FreeBSD/current-patches/jail.diff I have a patch to switch the jail rc script to the new jail (8-current) syntax. This includes new config options for a jail (see etc/defaults/rc.conf after patching). The patch also contains my X-in-a-jail stuff (feel free to ignore

Re: HEADS UP: r185435 multi-IPv4/v6/no-IP jails in HEAD

2008-12-01 Thread Alexander Leidinger
Quoting "Bjoern A. Zeeb" <[EMAIL PROTECTED]> (from Mon, 1 Dec 2008 09:41:46 + (UTC)): Hi, as you may have already noticed multi-IPv4/v6/no-IP jails have hit HEAD. See commit message attached. Will this introduce changes how multicast is handled in jails, or is it the same behavior as

Jails & multicast?

2008-11-21 Thread Alexander Leidinger
Hi, does someone know if multicast is supposed to work in a jail? I'm playing around with avahi (mDNS / DNS-SD) in a jail. Now that I defined a lot of service descriptions for all my jails, I wanted to test this and tried to browse the service descriptions via mDNS. But somehow I get no ou

Re: Compilation question 64bit, 32 bit

2008-10-17 Thread Alexander Leidinger
Quoting Miroslav Lachman <[EMAIL PROTECTED]> (from Fri, 17 Oct 2008 11:48:03 +0200): Alexander Leidinger wrote: Quoting Jose Amengual <[EMAIL PROTECTED]> (from Thu, 16 Oct 2008 08:43:15 -0300): Hi Guys. The other day I install a server with jails with FreeBSD 7 32 bit

Re: Compilation question 64bit, 32 bit

2008-10-17 Thread Alexander Leidinger
Quoting Andrew Snow <[EMAIL PROTECTED]> (from Fri, 17 Oct 2008 20:19:51 +1100): Alexander Leidinger wrote: Sort of. You can install a 32bit world into the jail and make sure 32bit support is activated in the kernel. The 32bit programs will then run just fine in the jail (but 64bi

Re: Compilation question 64bit, 32 bit

2008-10-17 Thread Alexander Leidinger
Quoting Jose Amengual <[EMAIL PROTECTED]> (from Thu, 16 Oct 2008 08:43:15 -0300): Hi Guys. The other day I install a server with jails with FreeBSD 7 32 bit in a 64 bit capable processor. After I install I start wondering some things that I point out here : Any benefit to install 64 bit

Re: samba inside jails [was: jail/broadcast IP [was: ...]]

2008-10-16 Thread Alexander Leidinger
Quoting Nejc Skoberne <[EMAIL PROTECTED]> (from Thu, 16 Oct 2008 00:03:53 +0200): Hello, I have samba running in a jail (8-current from a month or two ago, no multi-IP patch). No problems here. I haven't tried 8-CURRENT, though. I use it with network drives, so I'm not sure about broadca

Re: samba inside jails [was: jail/broadcast IP [was: ...]]

2008-10-03 Thread Alexander Leidinger
Quoting "Bjoern A. Zeeb" <[EMAIL PROTECTED]> (from Fri, 3 Oct 2008 08:21:53 + (UTC)): 3) In samba it used to be the interfaces = config option that you would set to the (primary) IP of your jail. With the above you should be able to address the samba server inside the jail and

Re: Migration of Jail from one host to another?

2008-10-01 Thread Alexander Leidinger
Quoting "Scott Lambert" <[EMAIL PROTECTED]> (from Wed, 2 Jul 2008 15:22:35 -0500): I'm probably doing this completely wrong. I setup a couple of jails using simple image files because I thought that would make migration to another server more straightforward. I am now trying to migrate my fi

Re: is nfs mount inside jail possible?

2008-06-25 Thread Alexander Leidinger
Quoting Robert Watson <[EMAIL PROTECTED]> (from Wed, 25 Jun 2008 17:53:36 +0100 (BST)): I don't know of any specific vulnerabilities that will open up, and I don't have time to read the source code to find them now, but I do promise you that if you allow arbitrary mounting of file systems i

Re: is nfs mount inside jail possible?

2008-06-25 Thread Alexander Leidinger
Quoting Robert Watson <[EMAIL PROTECTED]> (from Wed, 25 Jun 2008 16:57:17 +0100 (BST)): On Wed, 25 Jun 2008, Alexander Leidinger wrote: Oh: I haven't checked if this actually works. I don't know if all places DTRT then. Normally it should work, but you better test if it

Re: is nfs mount inside jail possible?

2008-06-25 Thread Alexander Leidinger
Quoting Alexander Leidinger <[EMAIL PROTECTED]> (from Wed, 25 Jun 2008 17:34:01 +0200): To do this edit src/sys/nfsclient/nfs_vfsopts.c, search VFS_SET and change it to VFS_SET(nfs_vfsops, nfs, VFCF_NETWORK|VFCF_JAIL); Oh: I haven't checked if this actually works. I don

Re: is nfs mount inside jail possible?

2008-06-25 Thread Alexander Leidinger
Quoting Boris Samorodov <[EMAIL PROTECTED]> (from Wed, 25 Jun 2008 17:53:49 +0400): # lsvfs FilesystemRefs Flags - --- nfs4 0 network zfs 6 jail ntfs

Re: Jail resource limits

2008-05-23 Thread Alexander Leidinger
Quoting Miroslav Lachman <[EMAIL PROTECTED]> (from Fri, 23 May 2008 00:32:44 +0200): Alexander Leidinger wrote: Quoting Miroslav Lachman <[EMAIL PROTECTED]> (from Thu, 22 May 2008 13:19:55 +0200): Peter Ankerstål wrote: http://wiki.freebsd.org/JailResourceLimits If the

Re: Jail resource limits

2008-05-22 Thread Alexander Leidinger
Quoting Miroslav Lachman <[EMAIL PROTECTED]> (from Thu, 22 May 2008 13:19:55 +0200): Peter Ankerstål wrote: http://wiki.freebsd.org/JailResourceLimits If there is somebody with skills and time to resurrect some mentioned projects, I am willing to help with testing. Also it will be good t

Re: Signal 11 messages showing in all jails?

2008-05-19 Thread Alexander Leidinger
Quoting Andrew Snow <[EMAIL PROTECTED]> (from Mon, 19 May 2008 21:08:38 +1000): Sorry for previous message, it wasn't devfs rules at all that solved this problem. The rules you posted are part of some kind of workaround. The rules didn't include the "syslog pipe" for kernel messages (de

Re: Signal 11 messages showing in all jails?

2008-05-19 Thread Alexander Leidinger
Quoting Scott Lambert <[EMAIL PROTECTED]> (from Mon, 19 May 2008 00:17:07 -0500): Is this supposed to happen? FreeBSD 6.2 order.cgi is only installed in one jail on this system, but I see this report in all the jail on that system. The below lines are from the daily security run output for

Re: freebsd-update on jails

2008-04-21 Thread Alexander Leidinger
Quoting Jeffrey Smith <[EMAIL PROTECTED]> (from Sun, 20 Apr 2008 15:49:39 -0400): I previously posted a howto to use zfs to manage jails. The first update through freebsd-update has been released. Testing this I get [snip] But I still get that same error. Does anyone have any idea what

Re: Jail patch submission

2008-04-07 Thread Alexander Leidinger
Quoting William Bentley <[EMAIL PROTECTED]> (from Sun, 6 Apr 2008 12:37:40 -0700 (PDT)): This is my first submission to freebsd so I hope this is the right way to do it. I have attached a patch that I would like to submit to expand the capability of the /etc/rc.d/jail This patch allows for ta

Re: X.org in a jail, testers wanted

2008-03-18 Thread Alexander Leidinger
Quoting Alexander Leidinger <[EMAIL PROTECTED]> (from Mon, 10 Mar 2008 12:28:29 +0100): I've read in some web based discussions some stuff about this. I would like to clarify some things here in the official place. You also need to setup /etc/devfs.rules (this is a copy of

Re: X.org in a jail, testers wanted

2008-03-11 Thread Alexander Leidinger
Quoting Jeremie Le Hen <[EMAIL PROTECTED]> (from Tue, 11 Mar 2008 22:02:16 +0100): Hi Alexander, On Mon, Mar 10, 2008 at 12:28:29PM +0100, Alexander Leidinger wrote: at http://www.Leidinger.net/FreeBSD/current-patches/jail.diff I have some changes which should apply to RELENG_7(_

X.org in a jail, testers wanted

2008-03-10 Thread Alexander Leidinger
Hi, at http://www.Leidinger.net/FreeBSD/current-patches/jail.diff I have some changes which should apply to RELENG_7(_0) and HEAD which allow access to /dev/io (if configured appropriately, see the included man-page change). This is needed to run a X server in a jail. You may also need to

Re: restrictions between host and jail

2008-02-22 Thread Alexander Leidinger
Quoting Tommy Pham <[EMAIL PROTECTED]> (from Thu, 21 Feb 2008 11:09:59 -0800 (PST)): Thanks for the reply. I understand what those options but What I'm trying to ask is as I've set those options for the jails, what other differences are there between host & jail environment since turning on t

Re: restrictions between host and jail

2008-02-21 Thread Alexander Leidinger
Quoting Tommy Pham <[EMAIL PROTECTED]> (from Thu, 21 Feb 2008 04:16:58 -0800 (PST)): Hi, Could someone please explain to me the difference between host and jail when the security.jail settings are as follow: security.jail.mount_allowed: 1 You are allowed to use mount inside the jail. sec

Re: Newb alert...

2008-01-31 Thread Alexander Leidinger
Quoting Glen Barber <[EMAIL PROTECTED]> (from Thu, 31 Jan 2008 04:36:09 -0500): Kurt Buff said: I've started over, at this point. I've blown away /jails/wotan (and used chflags -R noschg * to make sure nothing was left), and am using this command line to leave this running overnight - I'll

Re: Citrix client within jail

2008-01-24 Thread Alexander Leidinger
Quoting André Olsson <[EMAIL PROTECTED]> (from Thu, 24 Jan 2008 09:43:44 +0100): Hi Could you please give an example of your modifications in your custom kernel to be able to run a X-server in a jail, furthermore your custom ruleset for devfs. Copy & paste, whitespace may be wrong...: ---

Re: Citrix client within jail

2008-01-17 Thread Alexander Leidinger
Quoting André Olsson <[EMAIL PROTECTED]> (from Thu, 17 Jan 2008 11:30:00 +0100): Hi we are trying to set up a client with FreeBSD 6.2-RELEASE as the host OS and with two jails configured on it. Each jail is going to run a Citrix-client against two different separated Citrix-systems. S

Re: How to better update a jail host system

2008-01-02 Thread Alexander Leidinger
Quoting "Andrew Hotlab" <[EMAIL PROTECTED]> (Wed, 2 Jan 2008 13:12:24 +0100): > -- > From: "Alexander Leidinger" <[EMAIL PROTECTED]> > Sent: Sunday, December 30, 2007 12:41 AM > To: "Andrew Hotlab

Re: How to better update a jail host system

2007-12-29 Thread Alexander Leidinger
Quoting Andrew Hotlab <[EMAIL PROTECTED]> (from Mon, 24 Dec 2007 19:04:31 +0100): -- From: "Alexander Leidinger" <[EMAIL PROTECTED]> Sent: Thursday, December 20, 2007 4:46 PM To: ; "Andrew Hotlab" <[EMAIL PRO

Re: How to better update a jail host system

2007-12-20 Thread Alexander Leidinger
Quoting "Andrew Hotlab" <[EMAIL PROTECTED]> (Thu, 20 Dec 2007 14:34:35 +0100): > > > All that is working fine now, but I wonder if I could speed up the > > > whole process, by switching to the binary update method. By using > > > the freebsd-update(8) utility on the host I think to maintain the >

Re: How to better update a jail host system

2007-12-19 Thread Alexander Leidinger
Quoting Andrew Hotlab <[EMAIL PROTECTED]> (from Wed, 19 Dec 2007 14:42:31 +): Coming from a MSFT professional experience, I've been particularly impressed by the FreeBSD jail system, and I'm using the ezjail framework to manage some jails on a FreeBSD 6.2-RELEASE host in a pre-prod

Re: Hierarchical jails - any current work?

2007-09-19 Thread Alexander Leidinger
Quoting James Gritton <[EMAIL PROTECTED]> (from Tue, 18 Sep 2007 15:03:12 -0600): I've been doing some work on a hierarchical jail setup, but I've got this nagging feeling it's been done before. Does anyone know of such an existing project? If not, I'll put forward my own code. At http:/

Re: pam _start: system error

2007-08-29 Thread Alexander Leidinger
Quoting Kalnz <[EMAIL PROTECTED]> (from Mon, 27 Aug 2007 22:21:25 +0300): Alexander Leidinger wrote: Quoting Kalnz <[EMAIL PROTECTED]> (from Mon, 27 Aug 2007 12:54:19 +0300): Hi! After installing (in the jail) mysql-server-5.0.45 from ports, I can`t get up and running my mys

Re: pam _start: system error

2007-08-27 Thread Alexander Leidinger
Quoting Kalnz <[EMAIL PROTECTED]> (from Mon, 27 Aug 2007 12:54:19 +0300): Hi! After installing (in the jail) mysql-server-5.0.45 from ports, I can`t get up and running my mysql server. I have to point out that this problem is only inside the jail. All I have is: 1) clean mysql-server install 2)

Re: Jailed X applications

2007-08-20 Thread Alexander Leidinger
Quoting mal content <[EMAIL PROTECTED]> (from Fri, 17 Aug 2007 17:00:00 +0100): On 17/08/07, Alexander Leidinger <[EMAIL PROTECTED]> wrote: Quoting mal content <[EMAIL PROTECTED]> (from Fri, 17 Aug > Has anyone here ever successfully set up a jail for X apps, connecti

Re: Jailed X applications

2007-08-17 Thread Alexander Leidinger
Quoting mal content <[EMAIL PROTECTED]> (from Fri, 17 Aug 2007 06:10:39 +0100): This is better suited for freebsd-jail@ (CCed), please remove freebsd-security@ on reply to move the discussion there. Has anyone here ever successfully set up a jail for X apps, connecting to an external X ser

Re: Is it safe to change compat.linux.osrelease inside a jail?

2007-08-06 Thread Alexander Leidinger
Quoting Roman Divacky <[EMAIL PROTECTED]> (from Mon, 6 Aug 2007 11:04:22 +0200): On Mon, Aug 06, 2007 at 09:33:03AM +0200, Alexander Leidinger wrote: Quoting Boris Samorodov <[EMAIL PROTECTED]> (from Sat, 04 Aug 2007 00:00:35 +0400): >Hi! > > >I'm porting so

Re: Is it safe to change compat.linux.osrelease inside a jail?

2007-08-06 Thread Alexander Leidinger
Quoting Boris Samorodov <[EMAIL PROTECTED]> (from Sat, 04 Aug 2007 00:00:35 +0400): Hi! I'm porting some Fedora Core 6 applications. Since the FreeBSD package of a FC6 port should be build with non-default compat.linux.osrelease and pointyhat is using jails to create packages, here is the que

Re: What to put in devfs for a typical jail

2007-07-29 Thread Alexander Leidinger
Quoting Paul Hoffman <[EMAIL PROTECTED]> (from Sun, 29 Jul 2007 11:57:45 -0700): Greetings. I want to set up a jail for a web server. It only needs to access the things a normal system would (its own disk space, the network controller, the keyboard, and so on). I need to be SSHing into the jai

Re: Mails from jails

2007-07-29 Thread Alexander Leidinger
Quoting albinootje <[EMAIL PROTECTED]> (Sat, 28 Jul 2007 18:55:56 +0200): > Alexander Leidinger wrote: > > > I have everything in 192.168.x.y on the NIC interface. So there's the > > possibility to connect to a jail from a different system on the same > >

Re: Mails from jails

2007-07-28 Thread Alexander Leidinger
Quoting Ernst de Haan <[EMAIL PROTECTED]> (from Fri, 27 Jul 2007 15:07:51 +0200): Alexander, In my jails at home I configured sendmail with a smarthost (respectively a msp for the submit.mc) and use sendmail_enable="NO" sendmail_submit_enable="YES" in rc.conf. But this means you ar

Re: Mails from jails

2007-07-26 Thread Alexander Leidinger
Quoting Ernst de Haan <[EMAIL PROTECTED]> (from Thu, 26 Jul 2007 23:15:20 +0200): I want to restrict my jail sandboxes to sending mail only. Could anyone give me some advice? This is for a web-/applicationserver that needs to be able to send mail, but should never be running any mail service o
