6 Aug 2007 11:49
Re: Is it safe to change compat.linux.osrelease inside a jail?
Alexander Leidinger <Alexander <at> Leidinger.net>
2007-08-06 09:49:13 GMT
2007-08-06 09:49:13 GMT
Quoting Roman Divacky <rdivacky <at> freebsd.org> (from Mon, 6 Aug 2007 11:04:22 +0200): > On Mon, Aug 06, 2007 at 09:33:03AM +0200, Alexander Leidinger wrote: >> Quoting Boris Samorodov <bsam <at> ipt.ru> (from Sat, 04 Aug 2007 00:00:35 >> +0400): >> >> >Hi! >> > >> > >> >I'm porting some Fedora Core 6 applications. Since the FreeBSD >> >package of a FC6 port should be build with non-default >> >compat.linux.osrelease and pointyhat is using jails to create >> >packages, here is the question at the Subject. >> > >> >I know it _may_ be changed (I've tried and succeeded). Can someone >> >say that it's quite OK to do so (without bad effects to jail/host)? >> >Sure I ask about -CURRENT. >> >> Roman did some work to make this a per-jail feature. I haven't seen >> any obvious stuff in the code which would make using this a bad idea. >> So: there are no known side-effects to use this in a jail. > > I didnt do anything.. this has always been per-jail attribute :) Yes. Sorry for not being clear. You did the right work from the beginning to make the sysctl per jail instead of making it a global property of the system. And the feature which is protected by this sysctl should be able to work correctly for the use case. Hmmm... while I think about jails... wouldn't it be better from a security perspective to have the list/queue/... which is behind the use26 part be a per jail list/queue/...? It may be not an issue, but can you verify that root in jail A can not do something (kill/...) / get some info (even if it is just a PID of a linux process) from jail B when both -current jails run in the non-default linuxulator? I ask as I don't have time to look at it ATM. Bye, Alexander. -- -- Q: How can we get the Beatles to reunite for one more concert? A: With three more bullets. http://www.Leidinger.net Alexander <at> Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild <at> FreeBSD.org : PGP ID = 72077137 _______________________________________________ freebsd-emulation <at> freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-emulation To unsubscribe, send any mail to "freebsd-emulation-unsubscribe <at> freebsd.org"