Should I use jail?

Phil Regnauld regnauld at x0.dk
Tue Feb 18 04:30:46 UTC 2014


A.J. 'Fonz' van Werven (freebsd) writes:
> 
> The problem with NIS (and by extension NFS) is rpcbind, which AFAIK cannot
> run in a jail.

	I've never tried, and I see a number of older PRs about this.

> What do you know: what was intended as a smartass comment that I almost
> refrained from sending in the first place actually elicited a useful
> response. Thank you very much for the suggestion, I'll look into that.

	:)

> The main question would be which /dev entry provides (write) access to the
> system clock, if that even goes through a /dev entry to begin with. A
> quick look through /usr/src/sys didn't turn up anything.

	As pointed out, unless ntpd is sampling a PPS, you don't need a device.

	But apart from running ntpd within chroot, I don't think it's possible
	as adjtime won't allow jailed processes to set the clock (and there
	is no override for that).

	Ok, so the advice wasn't so useful after all - sorry!

	Cheers,
	Phil


More information about the freebsd-stable mailing list