[nycbug-talk] FBSD 5.4 jails. . .
George R.
george
Mon Apr 18 23:31:24 EDT 2005
On Apr 18, 2005, at 11:26 PM, Isaac Levy wrote:
> On Apr 18, 2005, at 11:20 PM, George R. wrote:
>
>> I don't know if I didn't get that far in the man page for jail (8)
>> before, but there's some funky new lock-downs and configurability.
>>
>> These are all for /etc/sysctl.conf in the host or master jail. . .
>>
>> security.jail.set_hostname_allowed=0 #individual jails can't set
>> hostnames
>>
>> security.jail.allow_raw_sockets=1 #allows raw sockets for ping,
>> traceroute, etc. . . it's =0 by default, so this can be a downgrade
>> in security
>>
>> Anyway, jailing in FBSD 5.3 was kind of a mess, but it seems that
>> things are back on track. . . phew.
>>
>> George
>
> Even niceties like top are working aok now too! :)
>
Some of us have discussed informally before, but I'd still like to see
an easy-to-do method of upgrading src and ports in the jails without a
mess.
Shall we reopen that discussion. . .??
George
More information about the talk
mailing list