Wiadomość napisana przez James Gritton w dniu 4 lut 2014, o godz. 14:49: > On 2/4/2014 6:23 AM, Julian Elischer wrote: >> On 2/4/14, 3:40 PM, Robert N. M. Watson wrote: >>> On 3 Feb 2014, at 23:53, Doug Ambrisko <ambri...@ambrisko.com> wrote: >>> >>>> It's unfortunate that vimage requires jail. I want to use vimage but >>>> not have the security restrictions of a jail. To do this I patched >>>> jail to basically let everything through. It would be nice to be >>>> able to run jail in an insecure mode which I understand is a contradition. >>>> I do use the jail infrastructure to set the uname*/getosreldate so >>>> that a specific jail thinks it is FreeBSD version blah. Then I can ssh >>>> into that jail and pkg_add things, make ports etc. I use this on >>>> my laptop running current on the base. My other jails run various >>>> versions of FreeBSD. I don't care about security in this case. >> >> vimage was not originally tied to jails. I can't remember why we decided to >> do that :-) > > Leaving the smiley aside for the present, I remember that one - and > it's closely tied to this discussion. It was part of this more > flexible vision of jails that had added features, of which security > was just one (optional) part. I thought of them as a more general > encapsulation framework as needs would arise.
Just for the record, that's the exact same reason I didn't invent yet another encapsulation mechanism for RCTL - the idea was to use jails when you need any kind of nested hierarchy. -- If you cut off my head, what would I say? Me and my head, or me and my body? _______________________________________________ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
