Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 12 Mar 2001 14:42:09 +0000 (GMT)
From:      Jan Grant <Jan.Grant@bristol.ac.uk>
To:        Steve Tremblett <sjt@cisco.com>
Cc:        freebsd-stable <freebsd-stable@FreeBSD.ORG>
Subject:   Re: nullfs et al
Message-ID:  <Pine.GSO.4.31.0103121440330.26600-100000@mail.ilrt.bris.ac.uk>
In-Reply-To: <200103121327.IAA25065@sjt-u10.cisco.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, 12 Mar 2001, Steve Tremblett wrote:

> +--- Oliver Fromme wrote:
> |
> | Hi,
> |
> | What is the "proper" way to mount binaries etc. into a
> | bunch of jail homes?  Obviously, I don't want to copy
> | /bin, /usr/bin, /usr/lib etc. for every jailed user.
> | BTW, I'm using 4-stable.
> |
> | I've grepped the lists and found the following possible
> | solutions:
> |
> | (A)  Local NFS loopback mounts.  Seems to work reliably.
> |      Is this the best way?  Somehow it is my impression
> |      that the NFS causes some overhead and might cause
> |      some performance impact.  Any opinions?
> |      BTW, this particular machine doesn't use any NFS
> |      otherwise (neither client nor server).
>
> An alternative to this could be symlinks.  In a chroot()ed environment,
> the user should see symlinks OUT of the jail as the actual files.
>
> Populate /usr/local/jail/bin, /usr/local/jail/usr/bin... with whatever
> you want, and then just link /chroot/path/bin -> /usr/jail/bin...
>
> Then you eliminate the NFS overhead, but now links are eating all your
> inodes...

I don't think this does what you think it does. If it _does_ work, then
jail is so badly fragged that I'm surprised nobody has screamed yet.

Absolute symlinks should be interpreted relative to chroot; relative
symlinks containing "../../../../.." should see chroot as the ceiling.

-- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287163 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk
Goedel would be proud - I'm both inconsistent _and_ incomplete.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.31.0103121440330.26600-100000>