[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ezjail] FeatureRequest: Kind of Flavours for the Hostsystem
Peter Zehm wrote:
> This could be useful to do things on the host system. E.g. modifying the
> fstab.jailname, the /usr/local/etc/ezjaul/jailname config file, ...
> Are there already any plans regarding this or a similar feature for the
> next version?
thanks for the feedback on ezjail and all the compliments.
While I understand that it would be cool to do some post-install
configure stuff in the host system, I'm not sure I should offer that as
an option for flavours. You know, I've decided that, for security
reasons, there is a line where host system and jails are clearly
separated. This line is ezjail_jaildir and if you happen to get a bad
flavour from the internet, it can only compromise the very jail you
create using that flavour. Also you can not accidentally overwrite
configs in the host system when you just want to configure your jail.
ezjail-admin itself restricts itself to write files in the
$PREFIX/etc/ezjail directory and some /etc/fstab.* entries. So I think
that if you're experienced enough to understand the security
implications of letting flavours modify your host system, you can easily
hack your own hook into ezjail-admin. Sorry for that inconvenience.