On Sun, 14 May 2006 22:14:31 -0500 (CDT)
Philip Hallstrom <[EMAIL PROTECTED]> wrote:

> > I'm thinking of using mount_nullfs(8) to provide read-only mounts
> > for all the executables in each jail. I've been doing some reading,
> > 'man rtld(1)', and it seems that the linker will take of sharing
> > non-writable code between processes, even if the executables are
> > loaded from different mount-points/file-systems.
> You should also look at ezjail...  it uses the same tricks to reduce
> the size of individual jail systems.  I haven't used it, but keep
> meaning too (next server :)
> http://erdgeist.org/arts/software/ezjail/

i haven't tried ezjail, but i'm using read-only nullfs mounts with
jails for more than a year on 2 different mail-servers (surprising how
one own original ideas appear not to be original after a while :)

you should perhaps realise that it's not all that easy, e.g. software
like : postfix, mailman, dovecot or any other smtp or imap/pop3-server
software probably needs 1 special user-account or more to be able to
run, also e.g. postfix and squirrelmail need files in /var/spool/

some software, like postfixadmin, provides a setup-script which refuses
to correctly detect which software is installed (it however runs fine
with most of /usr/local/ directories mounted with nullfs
mounted read-only from a build-jail)

also, you will need to copy /usr/local/etc/ files/dirs when needed

in other words, it's very interesting, but beware of the amount of work
it *might* involve

grtjs, albi
gpg-key: lynx -dump http://scii.nl/~albi/gpg.asc | gpg --import
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to