This is just a heads-up in case people missed the sequence of commits
    a few weeks ago, but NULLFS is now seriously enhanced in HEAD.  You can
    glue nullfs mounts together however you like now, without restriction.

    So, for example, you can do this:

    mount_null -o ro / /jail1
    mount_null -o ro /usr /jail1/usr
    mount_null /jaildata/jail1/etc /jail1/etc

    mount_null -o ro / /jail2
    mount_null -o ro /usr /jail2/usr
    mount_null /jaildata/jail2/etc /jail2/etc

    And so forth.  You can glue pieces of the filesystem together into
    whatever arrangement you want, use chroot or jail to push into it,
    and have no visibility outside of that arrangement.  And it's ultra
    memory efficient, too.  The namecache and vnode topology are shared
    with the base filesystems and do not eat any extra memory.

    With a small bit of work it would probably even be possible to 
    export these synthesized filesystems via NFS (albeit with all the
    security issues involved when not glueing together filesystem roots).
    If someone wants to, getting NFS exports working properly on nullfs
    mounts would be a nice little project.

                                        -Matt
                                        Matthew Dillon 
                                        <[EMAIL PROTECTED]>
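
Added example, not part of the original message: a small sh helper that produces the three-mount layout shown above (read-only / and /usr, writable per-jail /etc) for any jail name. The function names and the JAIL_ROOT and JAILDATA variables are assumptions made for illustration; only `mount_null` and the paths come from the message.

```shell
#!/bin/sh
# Added example: generate the per-jail nullfs layout from the message above.
# JAIL_ROOT and JAILDATA are assumed variables, not part of nullfs itself.
JAIL_ROOT=${JAIL_ROOT:-}            # empty prefix gives /jail1, as in the message
JAILDATA=${JAILDATA:-/jaildata}     # per-jail writable data, as in the message

# Accept only simple names, so the value cannot climb out of the jail
# tree ("../x") or be parsed as a mount option ("-o").
valid_jail_name() {
    case "$1" in
        ""|-*|.*|*/*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# Print the mount commands for one jail without running them:
# read-only / and /usr from the base system, writable /etc from JAILDATA.
jail_mount_plan() {
    valid_jail_name "$1" || { echo "bad jail name: $1" >&2; return 1; }
    printf 'mount_null -o ro / %s/%s\n' "$JAIL_ROOT" "$1"
    printf 'mount_null -o ro /usr %s/%s/usr\n' "$JAIL_ROOT" "$1"
    printf 'mount_null %s/%s/etc %s/%s/etc\n' "$JAILDATA" "$1" "$JAIL_ROOT" "$1"
}

# Run the plan in order and stop at the first failure, so the writable
# /etc is never mounted when the read-only base mounts did not succeed.
jail_mount_apply() {
    plan=$(jail_mount_plan "$1") || return 1
    printf '%s\n' "$plan" | while IFS= read -r cmd; do
        # Word splitting is intended here; the name was validated above.
        $cmd || exit 1
    done
}
```

Review the output of `jail_mount_plan jail1` before calling `jail_mount_apply jail1` as root; the only mount without `-o ro` should be the per-jail `/etc`.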
