Subject: Re: Implementing jail
To: Martin Husemann <martin@duskware.de>
From: Jason R. Fink <jrf@adresearch.com>
List: tech-kern
Date: 12/15/2002 11:41:57
> Well, you are aware that you do not need the jail functionality for a virtual
> server? A few interface aliases, proper apache configuration and maybe
> chroot'd ssh accounts will do what you want. The jail just adds a tiny piece
> of security for the case where the virtual clients have root access.
> 
> I'm not sure if/how it matters in the "clients w/o root access" case at all.

This has come up before and I believe the consensus was "we do not
want to just copy FreeBSD" because, as Martin has pointed out,
we do not need to.

Instead there is more emphasis on things like separate stacks on
network interfaces, capabilities and the like.

	j

-- 
Jay Fink http://pyxis.homeunix.net/
NetBSD Developer http://www.netbsd.org/
Senior SysAdmin/Programmer, Ipsos http://www.ipsos.com/