https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220712
--- Comment #2 from [email protected] --- (In reply to Mark Millard from comment #1) Refer to short-term, unsafe (from the SAMBA developers' perspective) https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220844 Mark, as you've quoted, this was my reply, via the mailing-list to Konstantin (who I have great respect for). "With the passage of 15 years other applications have come to use "system" namespace extended attributes, as though they were in the host system. Unfortunately if you have one physical box available to act as both an authentication server (Quasi Active Directory) and a fileserver, then using a jailed environment is the only solution. By design? I suppose its akin to saying, why would you want to use sysvipc from within a jail, with its global namespace (since FreeBSD V5.0) ; or perhaps the use of raw sockets (FreeBSDv6.0); or mount within a jail (FreeBSD V9.0); or...? Probably because sophisticated use of jails is one of the many outstanding features that sets FreeBSD apart from restrictive and antiquated environments. Not all features of a base system should be reflected in a jail, that would be silly; but where upstream applications use features, then the enhancement of a jail's configuration via way of, at least, an option - makes sense." Interestingly the absence of SYSTEM namespace within a jailed environment also prohibits use of MAC BIBA|MLS|LOMAC. -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "[email protected]"
