Jail resource limits

Steven Hartland killing at multiplay.co.uk
Sun May 25 22:04:02 UTC 2008


----- Original Message ----- 
From: "Geoffroy DESVERNAY" <dgeo at ec-marseille.fr>
>> This is something we're really looking forward to tbh a great
>> feature :) One of the reasons for this is hosting jails, with
>> the addition of multi IP support we will be able to enable
>> jails to connect to "backdoor" secure services such as a
>> mysql server.
>> 
> We are already doing this (sql on a separate (physical) LAN), but jails
> don't need a second interface for that: the real host's routing table is
> used for outgoing packets.
> Note we still need a static route on the SQL server for the packets to
> come back the same way.
> 
> I still don't know if this behaviour is the better one (one may think
> that a jail's packets should not go through a different interface?), but it
> works quite well ;)

Surely that compromises jail security, i.e. being able to access
resources from the host box even if the jail has no perceivable
access to them?

I assume this still doesn't work if the server is in fact run on
the main host only running on localhost?

    Regards
    Steve


More information about the freebsd-jail mailing list