jails clean startup

Andreas Kohn andreas.kohn at gmail.com
Sun Mar 19 15:31:39 PST 2006


Hi,

On Sun, 2006-03-19 at 23:43 +0100, Simon 'corecode' Schubert wrote:
> joerg at xxxxxxxxxxxxxxxxx wrote:
> >>the attached patches make it a bit easier to setup jails (no fake /etc/fstab,
> >>no additional network_interfaces="" in jails' /etc/rc.conf, etc) since some
> >>services are not supposed to run inside jail.
> > I never liked the nojail keyword. Anyway, I don't like the new sysctl
> > either, since it is redundant. Try "kill -0 1" :-)
> 
> I actually quite like the patch.  And having a sysctl telling explicitly 
> if running in a jail or not seems a very sane idea.  What does FreeBSD do?
Exactly that sysctl exists on FreeBSD as well. And I also consider an
explicit sysctl way better than some non-obvious[*] method to figure out
the same. 

Regards,
--
Andreas

[*] The man page of kill doesn't mention "0" as a way to check if a
process is jailed, and neither jail(2) nor jail(8) talk about it. And I
don't think a user new to jails imagines that trying and failing to send
a non-existing (cf. sys/signal.h, signal(3)) to init will tell him
whether he is jailed or not. But I may be overlooking something obvious,
of course :)


Attachment:
signature.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgp00002.pgp
Type: application/octet-stream
Size: 187 bytes
Desc: "Description: This is a digitally signed message part"
URL: <http://lists.dragonflybsd.org/pipermail/submit/attachments/20060319/a6e794ae/attachment-0019.obj>


More information about the Submit mailing list