jail's periodic stuff
Jeremie Le Hen
jeremie at le-hen.org
Thu Sep 22 05:21:16 PDT 2005
Hi,
there are some periodic script which shouldn't be run inside a jail,
because jail's restrictions would prevent the utility to work correctly.
This includes those that gathers statistics from various firewalls,
in security/ :
510.ipfdenied
520.pfdenied
550.ipfwlimit
600.ip6fwdenied
610.ipf6denied
650.ip6fwlimit
I think that three other scripts from daily/ should be avoided too,
but I'm not yet sure about those :
400.status-disks
405.status-ata-raid
420.status-network
I would like to hear your comments on this and on the best way to solve
this problem. My first thought was to add
% if [ `sysctl -n security.jail.jailed` -eq 1 ]
% then
% exit 0
% fi
just before the main case statement, but there may be smarter ways to
achieve this.
I will be glad to provide a patch as soon as I will have gathered enough
informations.
Regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
More information about the freebsd-current
mailing list