Date: Mon, 12 Mar 2001 10:02:54 -0500 (EST) From: Steve Tremblett <sjt@cisco.com> To: Jan.Grant@bristol.ac.uk (Jan Grant) Cc: sjt@cisco.com (Steve Tremblett), freebsd-stable@FreeBSD.ORG (freebsd-stable) Subject: Re: nullfs et al Message-ID: <200103121502.KAA25352@sjt-u10.cisco.com> In-Reply-To: <Pine.GSO.4.31.0103121440330.26600-100000@mail.ilrt.bris.ac.uk> from "Jan Grant" at Mar 12, 2001 02:42:09 PM
next in thread | previous in thread | raw e-mail | index | archive | help
+--- Jan Grant wrote: | | > An alternative to this could be symlinks. In a chroot()ed environment, | > the user should see symlinks OUT of the jail as the actual files. | > | > Populate /usr/local/jail/bin, /usr/local/jail/usr/bin... with whatever | > you want, and then just link /chroot/path/bin -> /usr/jail/bin... | > | > Then you eliminate the NFS overhead, but now links are eating all your | > inodes... | | I don't think this does what you think it does. If it _does_ work, then | jail is so badly fragged that I'm surprised nobody has screamed yet. | | Absolute symlinks should be interpreted relative to chroot; relative | symlinks containing "../../../../.." should see chroot as the ceiling. | my mistake - I used this before on another OS. I have not tried this on FreeBSD, so I can't attest to how it works. On the system I did use it on, the absolute symlinks were interpreted relative to the REAL /, and the user only saw a regular file as opposed to the link. -- Steve Tremblett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200103121502.KAA25352>