svn commit: r261266 - in head: sys/dev/drm sys/kern sys/sys usr.sbin/jail

Edward Tomasz Napierała trasz at FreeBSD.org
Sun Feb 9 12:03:22 UTC 2014


On 4 Feb 2014, at 14:49, James Gritton wrote:
> On 2/4/2014 6:23 AM, Julian Elischer wrote:
>> On 2/4/14, 3:40 PM, Robert N. M. Watson wrote:
>>> On 3 Feb 2014, at 23:53, Doug Ambrisko <ambrisko at ambrisko.com> wrote:
>>> 
>>>> It's unfortunate that vimage requires jail.  I want to use vimage but
>>>> not have the security restrictions of a jail.  To do this I patched
>>>> jail to basically let everything through.  It would be nice to be
>>>> able to run jail in an insecure mode which I understand is a contradiction.
>>>> I do use the jail infrastructure to set the uname*/getosreldate so
>>>> that a specific jail thinks it is FreeBSD version blah.  Then I can ssh
>>>> into that jail and pkg_add things, make ports etc.  I use this on
>>>> my laptop running current on the base.  My other jails run various
>>>> versions of FreeBSD.  I don't care about security in this case.
>> 
>> vimage was not originally tied to jails. I can't remember why we decided to do that :-)
> 
> Leaving the smiley aside for the present, I remember that one - and
> it's closely tied to this discussion.  It was part of this more
> flexible vision of jails that had added features, of which security
> was just one (optional) part.  I thought of them as a more general
> encapsulation framework as needs would arise.

Just for the record, that's the exact same reason I didn't invent yet another
encapsulation mechanism for RCTL - the idea was to use jails when you need
any kind of nested hierarchy.

-- 
If you cut off my head, what would I say?  Me and my head, or me and my body?


