On Sun, 2007-07-15 at 19:44 +0800, Jett Tayer wrote:
> hi can send me how'd you do it?
>
Posting this response to the list seems like a good idea. I guess, first of all, the basic steps I used are:

* Get the source code for the jail binary. In this case I used the fetch script from freebsd-utils (since I was using that as a testing ground).
* This next step should be considered the dirty and hackish part; I pretty much ripped out any BSD login cap related code to get a working build. A much more skilled developer with some PAM experience could probably whip up a replacement for the already small amount of code.
* Now equipped with a usable binary, you can go about your business as if you were setting up a regular FreeBSD jail manually. In my case, the base tarball from the latest GNU/kFreeBSD install disc was used to populate the jail, instead of the traditional FreeBSD source based method.
* One of the most obvious missing pieces is an equivalent to FreeBSD's jail configuration via rc.conf and the necessary init scripts for stopping/starting jails (manually or at boot). At the moment I'm using a custom /etc/init.d/jail script that reads the basic config values (dir, hostname, ip address) from /etc/jail.conf.
* Initial interaction with the environment inside the jail is done through simply executing /bin/sh instead of /etc/init.d/rc. Then apt-get install openssh-server, exit the jail shell and fire it up. Shutting down is a manual process due to the current lack of jexec.

So, as you can see, it's fairly...unclean. At the moment.

I personally think jail support is an important feature for Debian GNU/kFreeBSD to try to support. If not important, a very *attractive* feature, that, despite more advanced stuff like Xen existing, is still a really useful thing that potential users might like to see.

To sum up this overgrown rant, the following needs to be done to support jails:

* Possible small modification to the 'jail' application for PAM integration?
* Packaging of jail and jls (freebsd-utils perhaps?).
* I can't recall the exact problem with jexec offhand but it needs some love.
* A stop/start and config script infrastructure.
* Figure out what we need for the J flag to be shown for a jailed process.
* In a perfect world we'd have a working debootstrap to help things along.

Any ideas/thoughts/comments from anyone?

--
Joshua
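The message above describes an init script that reads dir, hostname and ip address from /etc/jail.conf and starts the jail as root. As an added example (not the script from the post, which is not shown there), this is one way to parse and validate those three values before building the jail(8) command line. The key=value file format, the function names and the sample values are assumptions.

```shell
#!/bin/sh
# Added example. Assumed config format (not from the post): key=value lines.

# Print the value of key $1 in file $2. The file is never sourced, so
# nothing written into it can execute in the root init script.
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the jail(8) command line for config file $1, or fail with a reason.
# $2 is the command run inside the jail (default: /etc/init.d/rc).
build_jail_cmd() {
    dir=$(conf_get dir "$1")
    host=$(conf_get hostname "$1")
    ip=$(conf_get ip "$1")
    case "$dir" in
        /*) ;;
        *) echo "dir must be an absolute path" >&2; return 1 ;;
    esac
    case "$dir" in
        *[!A-Za-z0-9/._-]*|*..*) echo "unsafe dir value" >&2; return 1 ;;
    esac
    case "$host" in
        ""|-*|*[!A-Za-z0-9.-]*) echo "invalid hostname" >&2; return 1 ;;
    esac
    valid_ipv4 "$ip" || { echo "invalid ip address" >&2; return 1; }
    echo "jail $dir $host $ip ${2:-/etc/init.d/rc}"
}

# Constructed sample config (illustrative values, not from the post).
demo_conf=$(mktemp)
printf '%s\n' '# test jail' 'dir = /srv/jail/test' \
    'hostname=test.example.org' 'ip=192.0.2.10' > "$demo_conf"
build_jail_cmd "$demo_conf" /bin/sh
```

An init script would run the printed command only after every check passes, with /bin/sh as the second argument for the first-time setup the message describes.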

