On Sun, 14 May 2006 22:14:31 -0500 (CDT) Philip Hallstrom <[EMAIL PROTECTED]> wrote:
> > I'm thinking of using mount_nullfs(8) to provide read-only mounts
> > for all the executables in each jail. I've been doing some reading,
> > 'man rtld(1)', and it seems that the linker will take care of sharing
> > non-writable code between processes, even if the executables are
> > loaded from different mount-points/file-systems.
>
> You should also look at ezjail... it uses the same tricks to reduce
> the size of individual jail systems. I haven't used it, but keep
> meaning to (next server :)
>
> http://erdgeist.org/arts/software/ezjail/

I haven't tried ezjail, but I've been using read-only nullfs mounts with jails for more than a year on 2 different mail servers (surprising how one's own original ideas turn out not to be original after a while :)

You should perhaps realise that it's not all that easy, e.g.:

- software like postfix, mailman, dovecot or any other SMTP or IMAP/POP3 server software probably needs 1 special user account or more to be able to run;
- e.g. postfix and squirrelmail need files in /var/spool/;
- some software, like postfixadmin, provides a setup script which refuses to correctly detect which software is installed (it does, however, run fine with most of the /usr/local/ directories nullfs-mounted read-only from a build jail);
- also, you will need to copy /usr/local/etc/ files/dirs when needed.

In other words, it's very interesting, but beware of the amount of work it *might* involve.

-- 
grtjs, albi
gpg-key: lynx -dump http://scii.nl/~albi/gpg.asc | gpg --import

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
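The read-only nullfs layout discussed in this thread, as an added example that is not part of the original message or of ezjail: a small sh script that emits the fstab(5) lines jail(8) would mount (a build-jail tree nullfs-mounted read-only into a service jail), refuses any entry that would cover the per-jail writable directories the poster names (/usr/local/etc, /var/spool), and seeds those private directories from the build jail so the service jail gets its own copy. The directory lists and the /j/base and /j/mail paths are constructed assumptions, not anyone's real layout.

```sh
#!/bin/sh
# Added example: build the read-only nullfs fstab for a service jail.
# All paths and directory lists below are constructed assumptions.

# Trees that are safe to share read-only between jails: executables and
# libraries only, never configuration or spool directories.
RO_DIRS="bin sbin lib libexec usr/bin usr/sbin usr/lib usr/libexec usr/share \
usr/local/bin usr/local/sbin usr/local/lib usr/local/libexec usr/local/share"

# Trees the message says each jail needs privately and writable.
PRIVATE_DIRS="etc var var/spool usr/local/etc"

# nullfs_fstab BASE JAILROOT
# Prints one fstab(5) line per RO_DIRS entry in the form jail(8) reads from
# its mount.fstab file. The 'ro' option is what stops the jail from changing
# the shared binaries; rtld still shares the pages between processes.
nullfs_fstab() {
    base=$1; root=$2
    for d in $RO_DIRS; do
        printf '%s/%s\t%s/%s\tnullfs\tro\t0\t0\n' "$base" "$d" "$root" "$d"
    done
}

# check_private FSTAB_TEXT
# Returns 1 and names the offender if a read-only mount point would sit on
# or under a directory that must stay private (e.g. /usr/local/etc).
check_private() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        mp=$(printf '%s\n' "$line" | cut -f2)
        for p in $PRIVATE_DIRS; do
            case "$mp" in
                */"$p"|*/"$p"/*)
                    echo "conflict: $mp covers private dir /$p" >&2
                    exit 1 ;;
            esac
        done
    done
}

# seed_private BASE JAILROOT
# Copies each PRIVATE_DIRS tree from the build jail once, so the service
# jail owns a writable copy; existing copies are left untouched.
seed_private() {
    base=$1; root=$2
    for d in $PRIVATE_DIRS; do
        if [ -d "$base/$d" ] && [ ! -e "$root/$d" ]; then
            mkdir -p "$root/$d"
            cp -Rp "$base/$d/." "$root/$d/"
        fi
    done
}

# Usage (constructed paths): write the fstab only if it passes the check.
if [ "${1:-}" = "--demo" ]; then
    fstab=$(nullfs_fstab /j/base /j/mail)
    check_private "$fstab" && printf '%s\n' "$fstab"
fi
```

The fstab produced this way is what `mount.fstab="/etc/fstab.mail";` in jail.conf would hand to mount(8) at jail start; the check exists because a single read-only line over /usr/local would silently take /usr/local/etc with it, which is exactly the failure the message warns about.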
