[Bug 220712] Extended attributes within a jail can't be set

bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220712

--- Comment #2 from [hidden email] ---
(In reply to Mark Millard from comment #1)
Refer to short-term, unsafe (from the SAMBA developers' perspective)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220844

Mark, as you've quoted, this was my reply, via the mailing-list to Konstantin
(who I have great respect for).

"With the passage of 15 years
other applications have come to use "system" namespace extended
attributes, as though they were in the host system.  Unfortunately if
you have one physical box available to act as both an authentication
server (Quasi Active Directory) and a fileserver, then using a jailed
environment is the only solution.

By design?  I suppose it's akin to saying, why would you want to use
sysvipc from within a jail, with its global namespace (since FreeBSD
V5.0); or perhaps the use of raw sockets (FreeBSD V6.0); or mount within
a jail (FreeBSD V9.0); or...?
Probably because sophisticated use of jails is one of the many
outstanding features that sets FreeBSD apart from restrictive and
antiquated environments.  Not all features of a base system should be
reflected in a jail, that would be silly; but where upstream
applications use features, then the enhancement of a jail's
configuration via way of, at least, an option - makes sense."

Interestingly the absence of SYSTEM namespace within a jailed environment also
prohibits use of MAC BIBA|MLS|LOMAC.

_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail