I want to implement a number of jails for different services on a single
Since /usr is the same everywhere I'd like to just mount one copy of it
read-only to all the jails and then have them each have their own /usr/local
well - i already do this, but both /usr and /usr/local are common
simply install in /usr/local everything all jail users needs.
Someone recommended keeping the main system's /usr separate. This would mean
building a /usr for the main system and then making a copy of it
to be shared by the jails.
Aesthetics and philosophy aside, are there any real security holes in just
using the systems /usr everywhere if it is mounted read only in the jails?
no it works fine AND saves memory, all binaries are shared
use mount_nullfs -o readonly for this.
link /usr/local/etc to for example /etc/local so configs can be different
in every jail
email@example.com mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"