On Wed, May 28, 2008 at 01:09:49PM -0400, John Baldwin wrote: > On Monday 26 May 2008 10:07:35 am Michael Reifenberger wrote: > > On Mon, May 26, 2008 at 02:49:16PM +0100, Robert Watson wrote: > > > On Mon, 26 May 2008, Michael Reifenberger wrote: > > > > > > > Extend jexec to accept hostname or ip-number besides jail-id. > > > > > > It might be worth adding a caution in the man page notes somewhere that > > > neither hostname nor IP address are guaranteed to uniquely identify a > > > jail > > > -- > > > in which case, which will jexec choose? > > > > I'll add some cautions to the man page. > > The jail is found by an loop through the sysctl security.jail.list > > and comparing argv against ip-number and hostname. > > The first matching jail is used then. > > Makes sense only for those who keep their jails uniquely identifyable > > by hostname or ip-number, of corse. > > Maybe make it only work if it only matches a single jail? That would work > for > the common case while avoiding ambiguities in the complex cases.
Yeah. I'd also suggest to not even try to match hostnames if security.jail.set_hostname_allowed is set to 1. -- Pawel Jakub Dawidek http://www.wheel.pl [EMAIL PROTECTED] http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am!
pgpcxCXwfQLXy.pgp
Description: PGP signature
