Subject: Re: Preventative security features?
To: None <tech-security@netbsd.org>
From: Sascha Retzki <lantis@iqranet.info>
List: tech-security
Date: 11/15/2004 15:31:34
On Sun, Nov 14, 2004 at 03:40:19PM +1300, Philip Jensen wrote:
> Dmitri Nikulin wrote:
> 
> >Sascha Retzki wrote:
> >
> >>A question, is that the default behavior or because of their jail-stuff?
> >>And, heh, what do you say about jails? My impression was that half of the
> >>effects are "reproducible" with tools we already have, I end up with "virtual
> >>servers", so a user logs in via ssh on 192.168.0.2, and it looks like he owns
> >>the machine, he is root and so on but indeed it's just a "chroot'ed
> >>and systrace'd working environment" which is represented to the host
> >>system as a file.
> >
> >-----8<-------8<------
> >
> >I'll have to try the chrooting to a vnode thing, sounds like fun. 
> >Definitely a good way to confuse a newbie. Any tips or guides on the 
> >procedure? 
> 
> Count me in too.....  I am very interested to see details on this setup.
> 
> 
http://www.freebsd.org/cgi/man.cgi?query=jail&apropos=0&sektion=0&manpath=FreeBSD+5.3-RELEASE+and+Ports&format=html
 "Jails are typically set up using one of two philosophies: either to constrain
  a specific application (possibly running with privilege), or to create a
  ``virtual system image'' running a variety of daemons and services."
It's marketing to me. Except for the last one. "virtual system image"...
You can bind that image to an IP (and aliased IPs). Very useful.

"The rest that we have to", I mentioned, is some fiddling with systrace, chroot
and maybe others. Of course using one CLI tool for all that seems to be fun,
but it's IMHO not the NetBSD way of implementation.

SR