Quoting mal content [EMAIL PROTECTED] (from Fri, 17 Aug
2007 17:00:00 +0100):
On 17/08/07, Alexander Leidinger [EMAIL PROTECTED] wrote:
Quoting mal content [EMAIL PROTECTED] (from Fri, 17 Aug
Has anyone here ever successfully set up a jail for X apps, connecting
to an external X server
Quoting Kalnz [EMAIL PROTECTED] (from Mon, 27 Aug 2007 12:54:19 +0300):
Hi!
After installing (in the jail) mysql-server-5.0.45 from ports,
I can`t get up and running my mysql server.
I have to point out that this problem is only inside the jail.
All I have is:
1) clean mysql-server install
2)
Quoting Jeffrey Smith [EMAIL PROTECTED] (from Sun, 20 Apr
2008 15:49:39 -0400):
I previously posted a howto to use zfs to manage jails. The first
update through freebsd-update has been released. Testing this I get
[snip]
But I still get that same error. Does anyone have any idea what
Quoting Scott Lambert [EMAIL PROTECTED] (from Mon, 19 May 2008
00:17:07 -0500):
Is this supposed to happen? FreeBSD 6.2
order.cgi is only installed in one jail on this system, but I see
this report in all the jail on that system. The below lines are from
the daily security run output for
Quoting Andrew Snow [EMAIL PROTECTED] (from Mon, 19 May 2008
21:08:38 +1000):
Sorry for previous message, it wasn't devfs rules at all that solved
this problem.
The rules you posted are part of some kind of workaround. The rules
didn't include the syslog pipe for kernel messages
Quoting Robert Watson [EMAIL PROTECTED] (from Wed, 25 Jun 2008
16:57:17 +0100 (BST)):
On Wed, 25 Jun 2008, Alexander Leidinger wrote:
Oh: I haven't checked if this actually works. I don't know if all
places DTRT then. Normally it should work, but you better test if
it really puts the FS
Quoting Robert Watson [EMAIL PROTECTED] (from Wed, 25 Jun 2008
17:53:36 +0100 (BST)):
I don't know of any specific vulnerabilities that will open up, and
I don't have time to read the source code to find them now, but I do
promise you that if you allow arbitrary mounting of file systems in
Quoting Scott Lambert [EMAIL PROTECTED] (from Wed, 2 Jul 2008
15:22:35 -0500):
I'm probably doing this completely wrong. I setup a couple of jails
using simple image files because I thought that would make migration
to another server more straightforward. I am now trying to migrate my
first
Quoting Bjoern A. Zeeb [EMAIL PROTECTED] (from Fri, 3
Oct 2008 08:21:53 + (UTC)):
3) In samba it used to be the
interfaces =
config option that you would set to the (primary) IP of your jail.
With the above you should be able to address the samba server inside
the jail and
Quoting Miroslav Lachman [EMAIL PROTECTED] (from Fri, 17 Oct 2008
11:48:03 +0200):
Alexander Leidinger wrote:
Quoting Jose Amengual [EMAIL PROTECTED] (from Thu, 16 Oct
2008 08:43:15 -0300):
Hi Guys.
The other day I install a server with jails with FreeBSD 7 32 bit
in a 64 bit
Quoting Bjoern A. Zeeb [EMAIL PROTECTED] (from Mon, 1
Dec 2008 09:41:46 + (UTC)):
Hi,
as you may have already noticed multi-IPv4/v6/no-IP jails have hit
HEAD. See commit message attached.
Will this introduce changes how multicast is handled in jails, or is
it the same behavior as
On Sat, 27 Jun 2009 10:47:47 + (UTC) Bjoern A. Zeeb
bzeeb-li...@lists.zabbadoz.net wrote:
On Sat, 27 Jun 2009, Alexander Leidinger wrote:
at http://www.leidinger.net/FreeBSD/current-patches/jail.diff I
have a patch to switch the jail rc script to the new jail
(8-current) syntax
Quoting Bill Marquette bill.marque...@ucsecurity.com (from Mon, 6
Jul 2009 20:14:02 -0500 (CDT)):
I'm trying to run Avahi in a jail, much the same as Alexander
Leidinger in this email from late last year
http://www.mail-archive.com/freebsd-jail@freebsd.org/msg00587.html.
I couldn't find
Quoting Bjoern A. Zeeb bzeeb-li...@lists.zabbadoz.net (from Tue, 7
Jul 2009 11:08:46 + (UTC)):
Alternatively I wouldn't wonder if enabling raw sockets would give
Didn't work for me.
what you want or you'll wait for virtualization to be ready.
As _I_ don't need it on -stable: it's
On Thu, 20 Aug 2009 11:50:49 -0700 Jose Amengual
jose.ameng...@gmail.com wrote:
The server is now 7.0 and was wondering what is the best practice to
maintain security patches and kernel updates and I came out with the
following idea :
1.- freebsd-update fetch install ( host system)
2.-
Quoting hulibyaka hulibyaka huliby...@gmail.com (from Thu, 8 Oct
2009 22:01:23 +0400):
What the difference for restriction on /dev/io between chroot and
jail? How can i get all needed by xinit privileges on /dev/io within
jail ?
There are additional access restrictions in the kernel when
and when it abortet
you can have a look with kdump|less what it tries to do.
Bye,
Alexander.
Thank you,
regards
On Oct 9, 2009, at 10:45 AM, Alexander Leidinger wrote:
Quoting hulibyaka hulibyaka huliby...@gmail.com (from Thu, 8 Oct
2009 22:01:23 +0400):
What the difference
Hi,
now that jails are started in the background (which is good, to
prevent that a broken jail causes a good jail not to start), I have to
problem how to express dependencies.
Scenario:
- several jails on the same machine (via ezjail)
- one jail depends on the services of another jail,
Quoting Remko Lodder re...@freebsd.org (from Tue, 5 Jan 2010
11:35:48 +0100):
On Tue, January 5, 2010 11:24 am, Alexander Leidinger wrote:
On Mon, 07 Dec 2009 08:03:53 +0100 Alexander Leidinger
alexan...@leidinger.net wrote:
Hi,
now that jails are started in the background (which is good
Quoting Miroslav Lachman 000.f...@quip.cz (from Tue, 05 Jan 2010
11:45:34 +0100):
Alexander Leidinger wrote:
On Mon, 07 Dec 2009 08:03:53 +0100 Alexander Leidinger
alexan...@leidinger.net wrote:
Hi,
now that jails are started in the background (which is good, to
I just realized
On Mon, 8 Feb 2010 11:29:41 -0800 Jose Amengual M
jose.ameng...@gmail.com wrote:
My question is :
Do I need to reinstall portupgrade and reinstall all ports ?
Did I do the proper export and import process ?
The jail where running on 7.0 and the basejail dir was from 7.0, now
is from
On Wed, 3 Mar 2010 19:06:36 +0100 Roman Divacky rdiva...@freebsd.org
wrote:
On Wed, Mar 03, 2010 at 11:59:49AM -0500, John Nielsen wrote:
On Wednesday 03 March 2010 03:00:50 Roman Divacky wrote:
I succesfully ran chroot of linux environment on freebsd back in
2007/2008. I firmly believe
On Tue, 5 Jan 2010 11:24:47 +0100 Alexander Leidinger
alexan...@leidinger.net wrote:
On Mon, 07 Dec 2009 08:03:53 +0100 Alexander Leidinger
alexan...@leidinger.net wrote:
Hi,
now that jails are started in the background (which is good, to
I just realized yesterday that it also stops
Quoting Andrew Hotlab andrew.hot...@hotmail.com (from Thu, 3 Jun
2010 22:04:44 +):
I've never had to make Squid listening on port 80, but referring its
startup script in /usr/local/etc/rc.d/:
# squid_user: The user id that should be used to run the Squid master
#
Quoting James O'Gorman ja...@netinertia.co.uk (from Mon, 28 Jun 2010
23:40:21 +0100):
On 28 Jun 2010, at 16:38, Jamie Gritton wrote:
On 06/28/10 08:41, Rodrigo Mosconi wrote:
An idea: if it works like a jaild? A daemon management the start-up,
shutdown, console redirection? All the
Quoting Alexander Leidinger alexan...@leidinger.net (from Fri, 27
May 2011 09:43:08 +0200):
Quoting Doug Ambrisko ambri...@ambrisko.com (from Thu, 26 May 2011
10:36:24 -0700 (PDT)):
Alexander Leidinger writes:
| Just to make sure we talk about the same things:
| Did you configure the X
On Fri, 17 Jun 2011 14:46:59 -0400 Lars Kellogg-Stedman
l...@seas.harvard.edu wrote:
Hello all,
Hi there,
I am trying to expose a hierarchy of home directories to a number of
FreeBSD jails. The home directories are configured such that each is a
unique ZFS dataset. The jails are used for
On Fri, 11 Oct 2013 15:42:11 -0500
Mark Felder f...@freebsd.org wrote:
On Fri, Oct 11, 2013, at 14:30, Dirk Engling wrote:
On 11.10.13 21:27, wishmaster wrote:
Yeah!? But do you think updating python in each jail this is the
right solution? Freebsd-update in each jail?? What about
Quoting "Martin \"eto\" Misuth" (from Tue, 6
Sep 2016 16:07:31 +0200):
On Tue, 6 Sep 2016 13:19:13 +
Grzegorz Junka wrote:
How would I know that this is not implemented in the linux
emulation layer rather than disabled on the host?
I would be
Quoting SK <fbsta...@cps-intl.org> (from Fri, 16 Dec 2016 14:02:20 +):
On 16/12/2016 13:15, Alexander Leidinger wrote:
For one of the filesystems I have set "zfs allow" permissions, but
just that a specific user in the jail can do something on those FS
without th
Quoting Miroslav Lachman <000.f...@quip.cz> (from Sun, 18 Dec 2016
13:20:31 +0100):
Alexander Leidinger wrote on 2016/12/17 19:59:
Quoting SK <fbsta...@cps-intl.org> (from Fri, 16 Dec 2016 14:02:20 +):
If I understand you correctly, what you are suggesting is, the
Quoting Miroslav Lachman <000.f...@quip.cz> (from Mon, 19 Dec 2016
18:57:39 +0100):
Alexander Leidinger wrote on 2016/12/19 17:56:
Quoting Miroslav Lachman <000.f...@quip.cz> (from Sun, 18 Dec 2016
13:20:31 +0100):
Alexander Leidinger wrote on 2016/12/17 19:59:
Quoting SK &
Quoting "James B. Byrne via freebsd-jail"
(from Fri, 23 Dec 2016 09:33:17 -0500):
I am experimenting with jails on a bhyve vm guest running FBSD-11.0
using ezjail. I am having a problem with network connections to the
outside from within the jail. I have sshd
Quoting Oleg Ginzburg (from Thu, 13 Sep 2018
18:45:51 +0300):
With persist mode, CBSD created jail in follow scenario:
1) jail -c (create jail) in persist mode ( with empty exec.start script )
2) exec inside jail something (zfs attach, /sbin/ifconfig ... ), what
you need to do before
Quoting Jens Schweikhardt (from Fri, 1 Apr
2022 14:26:27 +0200 (CEST)):
Identifier confusion? You use _rc_svcs and _rc_svcj in your description.
Typo s/svcs/svcj/ in the explanation.
The diff/code has the vars correct (svcj) and the conditional and the
setting are close to each
Hi,
I'm overlooking something fundamental it seems...
Context:
I'm working on my auto-jailing of services idea: if the auto-jail is
enabled, a service like syslog is started inside a jail (which
inherits the FS and depending on some settings also inherits network
and other stuff or not).
Hi,
attached is a new implementation of service jails (auto-jailing of
services). This one now supports rc command prefixes (e.g. onestart)
and I tested it in nested jails. The benefit of auto-jailing services
is, that you can apply some restrictions to services (and what other
processes
Hi,
I'm trying to debug an issue with pinentry-tty. The reason is that I
want to export a gpg secret key, but it fails when the gpg-agent tries
to ask for the PW. An alternative way to export the key works, but the
main way should work too. So I took the time now to dig deeper. This is
Am 2023-09-22 14:02, schrieb Konstantin Belousov:
On Fri, Sep 22, 2023 at 01:44:33PM +0200, Alexander Leidinger wrote:
Hi,
I'm trying to debug an issue with pinentry-tty. The reason is that I
want to
export a gpg secret key, but it fails when the gpg-agent tries to ask
for
the PW
Quoting FreeBSD User (from Sun, 15 May 2022
12:49:06 +0200):
On Sun, 03 Apr 2022 21:48:42 +0200
Alexander Leidinger wrote:
Hi,
attached is a new implementation of service jails (auto-jailing of
services). This one now supports rc command prefixes (e.g. onestart)
and I tested it in nested
Quoting "Bjoern A. Zeeb" (from Tue, 13 Dec 2022
23:03:42 + (UTC)):
Hi,
I have used scripts like the below for almost a decade and a half
(obviously doing more than that in the middle). I haven't used them
much lately but given other questions I just wanted to fire up a test.
I have
Hi.
You see the dataset name of zfs without stripping. The mount point is
correctly stripped. I don't remember how this looks on ufs.
With jailed datasets we would need more than just some code to remove parts
of the name.
So it's a doc bug (clarity about mount points and dataset names) and
Hi,
Thanks to MWL for his upcoming jail book, it inspired me to come up with this.
Note, I'm not subscribed to freebsd-rc, please keep at least jail@ in
copy (I'm subscribed there).
I propose to extend the rc system to automatically jail services in a
light sense (off by default, can be
http://www.leidinger.net/FreeBSD/current-patches/rc_svc_jails.diff
--
Send from a mobile device, please forgive brevity and misspellings.
Am 24. Februar 2019 9:48:19 nachm. schrieb Miroslav Lachman <000.f...@quip.cz>:
Alexander Leidinger via freebsd-jail wrote on 2019/02/24
Hi,
I updated from r347365 to r349853. Now I get a panic on epair destroy
(one end needs to be in a jail, and inside the jail an IP address
needs to be assigned to the epair. If no ifconfig is used inside the
jail, there is no panic.
Another user reported something similar (but for him
Quoting Dan Langille (from Tue, 30 Jun 2020
21:02:24 -0400):
On Tue, Jun 30, 2020, at 8:30 PM, Ernie Luzar wrote:
I think I have determined what your talking about. All the vnet
literature talks about a vnet jail having it's own separate ip stack. I
interpreted this to mean that the vnet
Quoting squiggly foo (from Fri, 05 Jun 2020
15:10:05 -0500):
Thanks to Dave for pointing out that my HTML message was stripped. I
am trying this again.
Hi All,
I'm using FreeBSD as a workstation trying to keep everything as
lightweight and
segregated as possible. So I am running GUI
Quoting squiggly foo (from Mon, 08 Jun 2020
21:35:23 -0500):
Hi Alexander,
You seem to have a lot of experience with X11 so I'm happy to hear
your advice.
To answer your first question about where the graphical output needs
to happen:
I am not sure I am understanding your question,
Quoting Ernie Luzar (from Fri, 17 Jul 2020
08:46:07 -0400):
Trying to figure out how to configure a vnet jail so it is
restricted to only being able to talk to other vnet jails on the
same host IE: local only vnet jails. As different to being able to
access the public internet type of
Quoting Ernie Luzar (from Fri, 17 Jul 2020
16:31:53 -0400):
Alexander Leidinger wrote:
Quoting Ernie Luzar (from Fri, 17 Jul 2020
08:46:07 -0400):
Trying to figure out how to configure a vnet jail so it is
restricted to only being able to talk to other vnet jails on the
same host IE
Quoting Kyle Evans (from Thu, 10 Dec 2020
12:44:27 -0600):
Currently it adds an /etc/jail.d, but the point was raised that we
have a mixture of these with different naming conventions and that
/etc/jail.conf.d may be better -- I'm inclined to agree since
I would prefer jail.conf.d.
Also,
Hi,
it seems someone is working on a OCI-compatible runtime for jails:
https://github.com/samuelkarp/runj
I stumbled over this and thought maybe someone here is interested
enough to help the author...
Bye,
Alexander.
--
http://www.Leidinger.net alexan...@leidinger.net: PGP
52 matches
Mail list logo