restricting "fat jails"
Emanuel Strobl
emanuel.strobl at gmx.net
Mon Apr 11 06:11:54 PDT 2005
On Friday, 8 April 2005 15:18, albi at scii.nl wrote:
> i was wondering exactly which files in /dev/ can be removed in a jail ?
If we're talking about FreeBSD 5.x, none, since it's devfs. You can control
which devices are in a jail by creating jail_NAME_devfs_ruleset.
> and i thought of a dirty approach of restricting building a jail by
> removing the parts in /usr/obj/ that you don't want, but i bet that make
> installworld is gonna complain about it, is there a way around ?
There's make.conf, especially lines like:
#NO_ACPI= true # do not build acpiconf(8) and related programs
#NO_BOOT= true # do not build boot blocks and loader
NO_CVS= true # do not build CVS
#NO_CXX= true # do not build C++ and friends
NO_BLUETOOTH= true # do not build Bluetooth related stuff
#NO_DYNAMICROOT=true # do not link /bin and /sbin dynamically
NO_FORTRAN= true # do not build g77 and related libraries
#NO_GDB= true # do not build GDB
NO_I4B= true # do not build isdn4bsd package
NO_IPFILTER= true # do not build IP Filter package
NO_PF= true # do not build PF firewall package
NO_AUTHPF= true # do not build and install authpf (setuid/gid)
....
-Harry
> (perhaps something else than make -i installworld)
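
A devfs ruleset for a jail, as mentioned in the reply above, could look like the following. This is an added example, not part of the original message; the jail name "www", its path, hostname, address and the ruleset name and number are assumptions, while the included rulesets are the ones shipped in /etc/defaults/devfs.rules.

```conf
# --- /etc/devfs.rules -------------------------------------------------
# Hypothetical ruleset "devfsrules_fatjail", number 10 (any unused number).
# Start with every device node hidden, then unhide only what is needed.
[devfsrules_fatjail=10]
add include $devfsrules_hide_all
# null, zero, random and friends
add include $devfsrules_unhide_basic
# pty/tty nodes, fd, stdin, stdout, stderr (needed for logins into the jail)
add include $devfsrules_unhide_login

# --- /etc/rc.conf -----------------------------------------------------
# Hypothetical jail "www"; path, hostname and IP are placeholders.
jail_enable="YES"
jail_list="www"
jail_www_rootdir="/usr/jails/www"
jail_www_hostname="www.example.org"
jail_www_ip="192.0.2.10"
# Mount devfs inside the jail and apply the ruleset defined above.
jail_www_devfs_enable="YES"
jail_www_devfs_ruleset="devfsrules_fatjail"
```

Nodes such as mem, kmem, io and bpf* stay hidden because nothing after the hide_all include unhides them; running ls /dev inside the started jail shows what the ruleset exposes.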