[Bug 226931] Deprecating jail(2) and related sysctls
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Fri Mar 30 20:09:19 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226931
--- Comment #8 from Jamie Gritton <jamie at FreeBSD.org> ---
(In reply to Bryan Drewery from comment #7)
True, when you're jailed the current jail isn't JID 0. It is in fact an
unknown jid, which is a difficult thing to specify. JID 0, as much as it
exists, is the base system i.e. the "where I am now" view when you are not
jailed, which is reasonably similar to asking for the "where I am now" view
when you are jailed. But that's a separate issue.
> IMHO removing them (and not even setting read-only for a release or two)
> violates POLA and may break a lot of other scripts.
Which is the reason it was suggested to put it inside BURN_BRIDGES, which would
affect very few systems. It would make sense to reduce it to read-only first
and then remove it entirely later, but there seems to be one good switch
(BURN_BRIDGES) making it difficult to have an option somewhere between where we
are now and where I want to go.
Another option is to change where I want to go, and just make read-only the end
goal. I don't consider this the optimal end result, but it may be the POLA
alternative.
Nonetheless, I am hoping to see an exp-run with the sysctls removed entirely,
so I can gauge just how widespread their use is.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the freebsd-ports-bugs
mailing list