L.S., I want to set up my system in a way where applications are clustered over jails, e.g. a httpd, smbd and dbmsd jail. However, in most cases I need to share data over the jails, which is stored on the host. Often, nullfs and mounting ro is suitable, but I need write access in some cases. As nullfs rw over multiple jails can be considered insecure, I was wondering what would be a secure way.
The only thing I could come up with was having both a NFS server and client running on the host and mounting such that all access is mapped to an account with less privileges. However, it seems like a waste to NFS with yourself. Thus, are there any better ways to achieve this? (I also thought of using nosuid flags, but I'm not sure if this is enough.) Kind regards, Stas Verberkt
pgpweVZFL6b60.pgp
Description: PGP signature
