[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ezjail] FeatureRequest: Kind of Flavours for the Hostsystem

Dirk Engling schrieb:
Peter Zehm wrote:

This could be useful to do things on the host system. E.g. modifying the
fstab.jailname, the /usr/local/etc/ezjaul/jailname config file, ...
Are there already any plans regarding this or a similar feature for the
next version?

Hello there,

thanks for the feedback on ezjail and all the compliments.

While I understand that it would be cool to do some post-install
configure stuff in the host system, I'm not sure I should offer that as
an option for flavours. You know, I've decided that, for security
reasons, there is a line where host system and jails are clearly
separated. This line is ezjail_jaildir and if you happen to get a bad
flavour from the internet, it can only compromise the very jail you
create using that flavour. Also you can not accidentally overwrite
configs in the host system when you just want to configure your jail.

ezjail-admin itself restricts itself to write files in the
$PREFIX/etc/ezjail directory and some /etc/fstab.* entries. So I think
that if you're experienced enough to understand the security
implications of letting flavours modify your host system, you can easily
hack your own hook into ezjail-admin. Sorry for that inconvenience.


thanks for stating out your thoughts about security. I'm not quite sure if you got my idea right or if i explained it the right way - I'm german and my english is not so good. I will take some closer look into ezjail-admin and will try to implement what I'm thinking about and will provide the patch to the mailinglist.