Ports and jails
Oliver Eikemeier
eikemeier at fillmore-labs.com
Fri Aug 27 05:41:54 PDT 2004
Alessandro Dellavedova wrote:
> In our infrastructure we use some daemons (bind, dhcp, openldap) that
> must run in a jail for security reasons. Do you think that having a
> keyword JAILED=YES in the Makefiles of ports would be useful?
openldap could be run without opening a TCP/IP socket (by using UNIX
domain sockets), bind chrooted as a non-privileged user and dhcpd often
needs to listen to more than one interface (and not to externally
reachable ones), so a jail is not always a "must".
> Something like make install PREFIX=/path/to/jail JAILED=YES will be
> difficult to implement?
Jails are complete subsystems, so you could either compile the port
inside the jail, or use a package building system and install it by
pkg_add(1). Installing from a port into a jail is not really supported,
and I don't see any necessity to do so.
-Oliver