On Mon April 13 2009, Xavier Pijuan wrote:
>
> >If both of your /tmp/rw and / exist on the same filesystem, then I'd
> >recommend you to mount tmpfs to /tmp/rw. Aufs will not complain when two
> >filesystems are different.
> >
> >
> >J. R. Okajima
>
> Thank you! That seems to work. But I still think that that option would be
> better. Tmpfs puts everything in RAM, and for big applications it may be a
> lot of RAM.
>
> >Wrong tool. Sounds like you want Linux-VServer, not auFS - -
> >
> >That way you can 'jail' anything from a single application to
> >an entire Linux distribution.
> >
> >It also supports immutable links with CoW breaking - allowing
> >you to have whatever you want on the 'main' file system visible
> >in the 'jail context' and the only things present will be the
> >changed files.
> >
> >Ref:
> >http://linux-vserver.org/Welcome_to_Linux-VServer.org
> >You can use the 'experimental' link or the table on that page, or:
> >http://vserver.13thfloor.at/Experimental/
> >and page-down (a lot) - the newest stuff is at the bottom of page.
> >
> >Don't be put off by the word 'Experimental' - -
> >Their idea of 'Experimental' puts some projects' idea of 'Stable-Mature'
> >to shame. ;)
> >
> >Mike
>
> Yes, I know that it may not be the best tool. I want to do exactly this:
> http://klik.atekon.de/wiki/index.php/Virtualization_Options. There is that
> "Plash" which seems to have almost no documentation, and VServer, which is
> used by the OLPC project for the same purpose. However, my first idea was to
> use Union FS or aufs to prevent filesystem modification, which would prevent
> 99% of applications from modifying the system, and then perhaps AppArmor to
> prevent the rest. Vserver seemed a little too much, considering that it needs
> a modified kernel and such, but maybe I'll reconsider it.
>
Give it a try, it is a solid bit of code - -
Large hosting companies run it (DreamHost for their dedicated servers
is one of many).

Just think of it as a chroot (in BSD terms, a jail) on steroids.

Of course, you lose your Ubuntu support contract services if you
patch your kernel with it - but you also lose them if you patch
your kernel with anything. ;)

You can pull Ubuntu Linux-Vserver kernel image packages for 8.10 and 9.04 here:
https://launchpad.net/~christoph-lukas/+archive/ppa

Directions here:
http://linux-vserver.org/Installation_on_Ubuntu

Mike