Date: Thu, 12 Apr 2007 15:49:09 +0200
From: Bernd Walter <ticso@cicely12.cicely.de>
To: Kostik Belousov <kostikbel@gmail.com>
Cc: ticso@cicely12.cicely.de, freebsd-current@freebsd.org, ed@fxq.nl
Subject: Re: ZFS to support chflags?
Message-ID: <20070412134909.GW30772@cicely12.cicely.de>
In-Reply-To: <20070412125524.GZ308@deviant.kiev.zoral.com.ua>
References: <20070412120341.GE45949@hoeg.nl> <200704121238.l3CCcX9v070904@lurza.secnetix.de> <20070412125524.GZ308@deviant.kiev.zoral.com.ua>

On Thu, Apr 12, 2007 at 03:55:24PM +0300, Kostik Belousov wrote:
> On Thu, Apr 12, 2007 at 02:38:33PM +0200, Oliver Fromme wrote:
> > Ed Schouten wrote:
> > > Bernd Walter wrote:
> > > > E.g. hardlink system binaries over multiple jails flagged immutable.
> > > > No jail can compromise the data in other jails, while still allowing
> > > > the kernel to share memory pages for it.
> > >
> > > There are nicer ways to do that as far as I know. Just read-only
> > > nullmount some kind of base install to another directory.
> >
> > Memory pages are not shared across different mounts,
> > including nullmounts (AFAIK), which was Bernd's point.
> > So Bernd's solution is much better in terms of memory
> > usage, which is significant if you run a large number
> > of jails.
>
> Pages are shared for file mmapped from different null mounts.

I wasn't aware of this - that's good.
But there are still other interesting benefits of extended flags in
jails, such as append-only for logfiles, etc...
Unlike the old securelevel mechanism the files can still be rotated
outside the jails.

-- 
B.Walter                http://www.bwct.de      http://www.fizon.de
bernd@bwct.de           info@bwct.de            support@fizon.de