Fixed Jail ID for ZFS -> need proper mgmt?

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Tue Sep 4 20:37:34 UTC 2012


On Tue, 4 Sep 2012, Jamie Gritton wrote:

> It's true that a jail left in the DYING state can't be re-created
> normally. But it can with the "-d" flag or the "allow.dying" parameter.
> In that case, an existing but dying jail will be re-attached to and thus
> resurrected. So it can be gotten around, and would be a matter of
> education. Or perhaps we could change the default behavior to silently
> allow re-creation of dying jails. Is there any harm in this? I.e. would
> there be any difference noticeable to the user if a jail was created
> with some old TCP connections attached to it?

Yes, really bad and TCP is not the only thing in theory.  Assume
your management does not make sure the same user gets the same jail;
you leak a lot of (possibly security related) information.  Would also
make it quite hard in terms of auditing etc. to get this right unless
done knowingly and on purpose.

-- 
Bjoern A. Zeeb                                 You have to have visions!
          Stop bit received. Insert coin for new address family.

