David Beck <[EMAIL PROTECTED]> wrote:
> The idea was to use nullfs for jail filesystems, so I don't need to
> duplicate files as many times as jails I have.
>
> This had two advantages in my opinion:
> - the jail would share system executables on a readonly filesystem,
> so system upgrades would be easier.
> - also I thought that this would increase the level of security in
> jails.
>
> If not nullfs would you recommend NFS in a similar setup? Do you see
> another solution that works better?

Personally, I use NFS loopback union mounts (read-only) for the very same thing (i.e. multiple jails).

Note that, by saying "union mounts" I mean the -o union flag of the mount command, *not* UNIONFS which I'd rather avoid. The -o union flag serves a similar purpose and is rock stable. It's a bit less flexible than UNIONFS because it merges only the contents of the root directory of the file system mounted, but that's usually sufficient (with the help of a few symlinks).

The performance of loopback NFS is very good. I was afraid that the NFS overhead would kill the machine, but it turned out not to be an issue.

Best regards
Oliver

--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd

Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way.
