From owner-freebsd-stable@FreeBSD.ORG Mon Sep 19 14:15:06 2005 Return-Path: X-Original-To: freebsd-stable@FreeBSD.ORG Delivered-To: freebsd-stable@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BBA6D16A41F for ; Mon, 19 Sep 2005 14:15:06 +0000 (GMT) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (lurza.secnetix.de [83.120.8.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1E9D043D48 for ; Mon, 19 Sep 2005 14:15:05 +0000 (GMT) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (ividqf@localhost [127.0.0.1]) by lurza.secnetix.de (8.13.1/8.13.1) with ESMTP id j8JEF4Fx015806; Mon, 19 Sep 2005 16:15:04 +0200 (CEST) (envelope-from oliver.fromme@secnetix.de) Received: (from olli@localhost) by lurza.secnetix.de (8.13.1/8.13.1/Submit) id j8JEF3Gu015805; Mon, 19 Sep 2005 16:15:04 +0200 (CEST) (envelope-from olli) Date: Mon, 19 Sep 2005 16:15:04 +0200 (CEST) Message-Id: <200509191415.j8JEF3Gu015805@lurza.secnetix.de> From: Oliver Fromme To: freebsd-stable@FreeBSD.ORG, Daniel Gerzo In-Reply-To: <169892035.20050915104634@rulez.sk> X-Newsgroups: list.freebsd-stable User-Agent: tin/1.5.4-20000523 ("1959") (UNIX) (FreeBSD/4.11-RELEASE (i386)) Cc: Subject: Re: Jail to jail network performance? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-stable@FreeBSD.ORG, Daniel Gerzo List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Sep 2005 14:15:06 -0000 [Sorry, this is a late reply, but might be helpful.] Daniel Gerzo wrote: > Hello Brandon, > Thursday, September 15, 2005, 5:17:57 AM, you wrote: > > [...] > > nullfs looks interesting. I was thinking about sharing files > > between jails using NFS, but it looks like nullfs would do the trick > > with better performance. Although the bugs section of the man page > > for mount_nullfs is rather scary. Does anyone have any experience > > with it? Does it actually work? > > btw unionfs is interesting as well, but the BUGS section is pretty the > same :) Another possibility is to use union mounts (i.e. using the "-o union" mount flag with a regular mount). This works without problems and is very stable, but it is a little less flexible than UNIONFS (or NULLFS) because it merges only the directory entries at the mount point. > > If the point here is to make /tmp/mysql.sock show up in another > > jail's file space, can I use a symlink instead? Can a jailed process > > see the target of the symlink? > > I read that using such a symlinks has security impacts. Symlinks within a jail cannot point to targets outside of that jail. Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. "When your hammer is C++, everything begins to look like a thumb." -- Steve Haflich, in comp.lang.c++