From: Jeremie Le Hen <[EMAIL PROTECTED]>
To: Jas arlerr <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED], freebsd-hackers@freebsd.org
Subject: Re: Configuration differences for jails
Date: Fri, 22 Apr 2005 17:41:40 +0200

Hi,
> I am not very familiar with mount_nullfs, but I think it is _one_ copy
> not _multiple_ references (FIXME). So if we modify something in one jail, the
> same effect will also impose on other jails, even the real machine. Due
> to this problem, readonly mounts may be a good choice.
Usually, /bin and others are never modified, that's why it may be null mounted readonly. If you want to be able to write to these directories from inside the jail, there are two methods:
- First is to use mount_unionfs(8) which will mount another directory above the null mounted directory. Note that unionfs is currently known to be broken, although there is no official list of known bugs, AFAIK. Having a null mount AND a union mount over it may perhaps introduce a non-negligible overhead, I guess.
- Make each jail have its own world.
> BUT if we do some things related to the /etc files, such as passwd, ro
> mounts can not deal with this situation because different jails need
> different passwd files for private users.
> So I think this can only be done by making a copy of relevant files but
> ro mounts.
Once again, /etc is not intended to be null mounted. It contains sensitive information about the host that should not be published in jails. You will have to use the "distribution" make target from /usr/src/etc (see my previous email).
I see! Thanks for your explanation!
regards Jas
_______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
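
Added example, not part of the original thread: a small sh helper that emits fstab(5) lines for null mounting shared host directories read-only into a jail, refuses to share /etc, and prints the "distribution" command for a private per-jail /etc. The jail root /jails/j1, the directory list and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and names are assumptions.

# jail_fstab JAILROOT DIR...
# Prints one read-only nullfs fstab line per DIR. All arguments are
# validated before anything is printed, so a rejected list emits nothing.
jail_fstab() {
    jailroot=${1%/}
    shift
    for dir in "$@"; do
        case "$dir" in
            /etc|/etc/*)
                # /etc holds host-specific, sensitive files (passwd etc.):
                # each jail needs its own copy, not a view of the host's.
                echo "refusing to share $dir: populate it per jail" >&2
                return 1 ;;
            /*) ;;
            *)
                echo "not an absolute path: $dir" >&2
                return 1 ;;
        esac
    done
    for dir in "$@"; do
        # "ro" keeps a process inside the jail from modifying the files
        # that the host and every other jail share through this mount.
        printf '%s\t%s%s\tnullfs\tro\t0\t0\n' "$dir" "$jailroot" "$dir"
    done
}

# jail_etc_cmd JAILROOT
# Prints the command that populates a private /etc for the jail using
# the "distribution" target of /usr/src/etc. Printed, not executed.
jail_etc_cmd() {
    printf 'cd /usr/src/etc && make distribution DESTDIR=%s\n' "${1%/}"
}

# Constructed sample: one jail sharing three host directories.
jail_fstab /jails/j1 /bin /sbin /usr/bin
jail_etc_cmd /jails/j1
```

The printed lines can be reviewed before being placed in the fstab used for the jail; nothing is mounted or written by the script itself.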