bind host service to jail ip?

Jan Demter jan-mailinglists at demter.de
Wed Oct 7 17:44:18 UTC 2015


On 07/10/15 17:42, Miroslav Lachman wrote:
> Marko Cupać wrote on 10/07/2015 16:15:
>
> [...]
>
>> - If I ran openntpd in host and bound it to jails' ip addresses, would
>>    clients be able to sync? If so, are there any negative implications
>>    to this?
>
> I don't know if something has been changed over time, but if you run some
> service in host on IP assigned to jail on port not used in jail, there
> will be no conflict and service will be available to public

A thing to keep in mind here is that anything running inside the jail
can override the host (without any noticeable conflict), as a bind to an
address from inside a jail will take precedence over the host's listening
sockets. So if you are going to run any less trusted code in the jails,
it will be able to manipulate time for the clients using the jail's address.

Greetings
Jan
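
An audit for the situation described above, added here as an example and not part of the original message: it lists host listening sockets that sit on a jail-assigned address, which are the ones a jailed process could shadow. The function name, the sample data and the output format are assumptions; the input is expected to look like FreeBSD `sockstat -4 -l` output for host (non-jailed) processes only.

```shell
#!/bin/sh
# Added example, not from the original thread.
# flag_host_binds JAIL_IPS   (stdin: sockstat -4 -l style lines, host processes)
# JAIL_IPS is a space- or comma-separated list, e.g. gathered with `jls ip4.addr`.
# Assumed live use on the host: sockstat -4 -l -j 0 | flag_host_binds "$ips"
flag_host_binds() {
    awk -v jail_ips="$1" '
        BEGIN {
            n = split(jail_ips, a, /[ ,]+/)
            for (i = 1; i <= n; i++) if (a[i] != "") jail[a[i]] = 1
        }
        $1 == "USER" { next }     # header line
        NF < 6       { next }     # not a socket line
        {
            laddr = $6            # LOCAL ADDRESS column, addr:port
            addr = laddr; sub(/:[^:]*$/, "", addr)
            if (addr in jail)
                # Host socket bound directly to a jail address.
                printf "exact %s %s %s\n", $2, $5, laddr
            else if (addr == "*" && n > 0)
                # Wildcard bind: also answers on jail addresses
                # (assumes shared-IP jails, not VNET).
                printf "wildcard %s %s %s\n", $2, $5, laddr
        }
    '
}

# Constructed sample input (documentation addresses, invented PIDs).
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
_ntp     ntpd       812   6  udp4   192.0.2.10:123        *:*
_ntp     ntpd       812   7  udp4   192.0.2.11:123        *:*
root     sshd       640   4  tcp4   198.51.100.5:22       *:*
root     syslogd    501   6  udp4   *:514                 *:*
EOF
}

# Jails own 192.0.2.10 and 192.0.2.11 in this constructed setup.
sample_sockstat | flag_host_binds "192.0.2.10,192.0.2.11"
```

Each flagged line is a host service whose clients would be served by the jail instead if a jailed process bound the same address and port.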



More information about the freebsd-stable mailing list