[RFC] Skeleton jail (rc.d feature proposal)
Simon L. Nielsen
simon at FreeBSD.org
Fri Feb 20 11:23:16 PST 2009
On 2009.02.10 19:24:22 -0800, Xin LI wrote:
> Ok, some local users has prodded me in committing the "skeleton jail"
> feature, I find it useful myself but not sure if it's appropriate to
> commit it against -HEAD, so I'd like to explain it, try to present it in
This complicates an already complicated etc/rc.d/jail script so I
think this is a very bad idea. rc.d/jail is already interesting
enough security wise as it is IMO.
If anyone wants this very much think it should be done in an
"external" (to etc/rc.d/jail) jail management system/script.
Personally I have been very happy with ezjail, and I think having a
script like that "externally" is a much better way to go. If that
means importing ezjail or making something like it I don't know.
--
Simon L. Nielsen
More information about the freebsd-jail
mailing list