Idea about "skeleton jail"
Dmitry Morozovsky
marck at rinet.ru
Tue Feb 1 01:09:42 PST 2005
Dear Xin,
On Mon, 31 Jan 2005, Xin LI wrote:
XL> What I am going to proposal is a concept that I call it "skeleton jail",
XL> or "skeljail" for short. A skel jail is something that shares most base
XL> system binaries/libraries with the host, through read-only mount_null's.
[snip]
XL> I have some handcrafted shell scripts to implement skeljail by having
XL> everything automatically mounted/dismounted. However, I think it might
XL> be better if we can have jail_<name>_skeljail="YES" switch in our jail
XL> rc.d(8) startup script. Please let me know if you are interested in the
XL> idea and I'll post a patch for review if there's enough people that
XL> wants this.
I wrote some scripts for very similar process (however, I used one mount to
null mount jail's /usr, and move/symlinked /bin and /sbin to /usr/Rbin and
/usr/Rsbin, with /usr/local, /usr/home and /usrX11R6 linked out to jail root)
I'm very interested in your patchset, at least for comparing with our (and for
learning, or course! ;-)
Thanks!
Sincerely,
D.Marck [DM5020, MCK-RIPE, DM3-RIPN]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck at rinet.ru ***
------------------------------------------------------------------------
More information about the freebsd-hackers
mailing list