From: Harald Schmalzbauer
To: freebsd-questions@freebsd.org
Cc: Florian Weimer, antwort@schmalzbauer.de, "Chad Leigh -- Shire.Net LLC"
Date: Mon, 26 Apr 2004 18:41:13 +0200
Subject: Re: Jail organization

On Monday, 26 April 2004 16:03, Chad Leigh -- Shire.Net LLC wrote:
> On Apr 26, 2004, at 5:42 AM, Harald Schmalzbauer wrote:
> > Use mount_nullfs whenever you need more than the specialized jail itself
> > was designed for, e.g. when installing a new port
> > mount_nullfs /hostusr/ports /jailuser/ports.
> > I explicitly use one single label for each jail. Don't forget in case of a
> > compromised jail the hacker could simply fill up your filesystem when you
> > use only directories.
> >
> > -Harry
>
> I have stayed away from mount_nullfs because the man page for it (on
> 5-2-CURRENT) still says:
>
> BUGS
>      THIS FILE SYSTEM TYPE IS NOT YET FULLY SUPPORTED (READ: IT DOESN'T WORK)
>      AND USING IT MAY, IN FACT, DESTROY DATA ON YOUR SYSTEM.  USE AT YOUR OWN
>      RISK.  BEWARE OF DOG.  SLIPPERY WHEN WET.
>
>      This code also needs an owner in order to be less dangerous - serious
>      hackers can apply by sending mail to and announcing
>      their intent to take it over.
>
> HISTORY
>      The mount_nullfs utility first appeared in 4.4BSD.
>
>
> Is this still true?  Is it safe to use, at least in a read only
> situation?

Oh, I've never had a look into the man page. And I haven't been using it for
long nor at high load scenarios but for me it works (tm).
In production I use it read-only but I also haven't had any problems in
read-write operation. But consider it as a nullfs-newbie report!

-Harry

> I have been remounting various parts of the filesystem in read only
> state using nfs from the local filesystem, ie,
>
> % mount localhost:/jailmaster/usr /jail/usr
>
> Chad

-- 
Please never add my reply address to CC nor to the recipient list!
If you make "answers to all" please remove my address!!!!!!!!!!!!!
I'll complain if I see my reply address on any mailing list!!!!!!!!
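
An added example, not part of the original message or of FreeBSD itself: a small audit over fstab-format mount data (the format `mount -p` prints on FreeBSD) that flags the two risks raised in this thread, a nullfs or NFS mount inside a jail that is not read-only, and a jail root that is only a directory on a shared host filesystem. It assumes that "one label per jail" means one filesystem per jail root; the function names, paths and sample data are constructed for illustration.

```shell
#!/bin/sh
# Usage: mount -p | audit_jail_mounts JAILROOT
# Prints one finding per line; prints nothing when the layout is as advised.
audit_jail_mounts() {
    awk -v root="${1%/}" '
        # fstab fields: device mountpoint fstype options dump pass
        $2 == root { own_fs = 1; next }      # jail root is its own filesystem
        index($2, root "/") == 1 && ($3 == "nullfs" || $3 == "nfs") {
            n = split($4, opt, ","); ro = 0
            for (i = 1; i <= n; i++) if (opt[i] == "ro") ro = 1
            # A writable share lets a process in the jail alter host data.
            # Remedy for nullfs: mount_nullfs -o ro SOURCE TARGET
            if (!ro) print "WRITABLE " $3 " " $1 " -> " $2
        }
        END {
            # Without its own filesystem the jail can fill up the host one.
            if (!own_fs)
                print "SHARED-FS " root " is a plain directory on a host filesystem"
        }
    '
}

# Constructed sample data (hypothetical devices and paths).
sample_mounts() {
    cat <<'EOF'
/dev/ad0s1a / ufs rw 1 1
/dev/ad0s1e /jail/www ufs rw 2 2
/usr/ports /jail/www/usr/ports nullfs ro 0 0
/usr/src /jail/www/usr/src nullfs rw 0 0
localhost:/jailmaster/usr /jail/mail/usr nfs ro 0 0
EOF
}

# Audit both sample jails.
for j in /jail/www /jail/mail; do
    sample_mounts | audit_jail_mounts "$j"
done
```

On a live host, replace `sample_mounts` with `mount -p` and pass each jail's root directory.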