Jails and multicore boxes
I've heard that things like freebsd jails or solaris zones can still be insecure on multicore boxes because a race condition can occur. I don't know more details about it other than that. Is this true now on freebsd? Also, I have a home server which I'm considering running apache, bind, dhcp, and possiblty opening ports for some other services. Is it overkill to run all of these each in their own jail? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Installing ports to /usr
Would there be any negative ramifications to installing ports in /usr instead of /usr/local? Like could they potentially clobber system binaries and other files or is this pretty safe to do? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Installing ports to /usr
Well I was just comtemplating the idea of setting up a freebsd load at my workplace. They already run linux and solaris and because of bad decisions in the past, they mount their afs shares on /usr/local. So I would have to install ports in /usr or some other prefix. On Nov 14, 2007 2:38 PM, Lars Eighner <[EMAIL PROTECTED]> wrote: > > On Wed, 14 Nov 2007, Matt Fioravante wrote: > > > Would there be any negative ramifications to installing ports in /usr > > instead of /usr/local? Like could they potentially clobber system > > binaries and other files or is this pretty safe to do? > > I know of a few name conflicts that can occur in certain circumstances (such > as the system lpr and hplip lpr). You may be lucky and avoid these. It is > also possible that some ports will not find one another or that wrong > locations may be hard coded --- this should not happen, but there should not > be any broken ports, unfetchable sources and so forth. > > Such an arrangement would require extreme vigilance, beyond what the ports > management software can do (if they can be persuaded to work at all in such > an environment). I cannot think of a good reason to do what you want to do, > but you ought to be very clear that somehow there is no other way and be > prepared for the consequences. > > -- > Lars Eighner > http://www.larseighner.com/index.html > 8800 N IH35 APT 1191 AUSTIN TX 78753-5266 > > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Shared /usr in jails
I want to implement a number of jails for different services on a single box. Since /usr is the same everywhere I'd like to just mount one copy of it read-only to all the jails and then have them each have their own /usr/local Someone recommended keeping the main system's /usr separate. This would mean building a /usr for the main system and then making a copy of it to be shared by the jails. Aesthetics and philosophy aside, are there any real security holes in just using the systems /usr everywhere if it is mounted read only in the jails? THis seems to be the approach used by solaris zones. Thanks! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"