Date: Thu, 9 Oct 2003 17:00:02 -0400
From: Kenny Freeman <kennyf@pchg.net>
To: Lewis Thompson <purple@lewiz.info>, FreeBSD-questions <freebsd-questions@freebsd.org>
Subject: Re: Jail FS questions.
Message-ID: <200310091700.09658.kennyf@pchg.net>
In-Reply-To: <20030803200948.GA10712@lewiz.org>
References: <20030803200948.GA10712@lewiz.org>

I'm not sure about union fs, never had a real use for it yet.... I have a
similar setup as you. I have about 4 jails running so far (~8 more to go).
I've written a fairly large bash script to build the jails + configure them
automagically too. I've got a 120GB drive in that system, so for me I don't
really have a problem with space. What I use nullfs for is sharing data
between jails, for example:

/secure/files/mail <- mail spools

would be shared using: (/etc/crontab entries)

none /secure/files/mail /secure/internal/smtp/postfix/server/var/spool/mail rw,noexec,nosuid,nodev 0 0
none /secure/files/mail /secure/internal/imap/courier/server/var/spool/mail rw,noexec,nosuid,nodev 0 0

Haven't really got these up and running yet (ie. I don't really know if
postfix + courier both work inside a jail). ATM I'm stuck on my file server
jail, which may never work. I do have djbdns cache+server running. Anyway,
nullfs is great for "remounting" parts of the file system. I would not use
that to remount parts of the file system that have executables on them in rw
mode, only ro. You could mount the base / fs using nullfs onto the jail /
filesystem but this would be tricky because you would have to deal with
things like syslogd base + syslogd(s) jail both writing to /var/log/. You
could mount each directory using nullfs (/bin /sbin, etc) onto the jails and
I think this would work. I would note the warnings in the man pages about
this stuff being experimental tho. You could save space by using the same
executables and libs while having separate /var/ /etc/ etc dirs in the jail
but it would be a bit of work to figure out what dirs to mount_nullfs and
what dirs to have as real dirs.

Oh, btw, I know about as much about fs's as
you do too, so your mileage may vary...

-Kenny

On August 3, 2003 04:09 pm, Lewis Thompson wrote:
> Hi,
>
> I currently have a bunch of jails running on my FreeBSD box. I've
> done this by making installworld a number of times, each time with a
> different DESTDIR (say /jail1, /jail2, /jail3). Clearly this is using a
> significant amount of space on the machine.
>
> I've been reading about unionfs and nullfs (well, more skim reading
> really; I'm not an FS guru, which is why I'm asking here) and one of these
> sounds like it could be the ideal solution. At first glance I'd say that
> unionfs would be the way to go.
>
> My question about unionfs: if I use this as a base dir for all of my
> jails and decide to ``upgrade'' the base system will it actually work?
> I mean, when I start installing stuff through the ports does it ever
> modify the base system in any way? If it does, then surely a base
> system upgrade will appear to leave the old ports-created files (because
> the upper layer changes override the lower unionfs fs).
>
> Secondly, I don't really understand nullfs. Would this be a
> ``better'' solution than using unionfs? Maybe it isn't even a solution,
> but if it is, a pointer to some useful articles would be great (aside
> man mount_nullfs; I've read that but don't fully understand).
>
> Thanks very much!
>
> -lewiz.
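
The rule of thumb in the reply above (writable shares get noexec,nosuid; directories with executables are shared read-only) can be checked mechanically. The script below is an added example, not part of the original message: it audits nullfs entries written in standard fstab(5) field order, which is an assumption since the entries in the message are laid out differently. The function names, /jail1 and /secure/files/www are hypothetical.

```shell
#!/bin/sh
# Added example: audit nullfs entries in fstab(5)-format text read from stdin.
# Assumed field order: source-dir  mountpoint  fstype  options  dump  pass
# Prints one line per nullfs mount: "<verdict> <mountpoint> <reason>".
audit_nullfs() {
    awk '
    /^[ \t]*#/ || NF < 4 { next }            # skip comments and short lines
    $3 != "nullfs"       { next }            # only nullfs remounts matter here
    {
        n = split($4, o, ","); ro = 0; noexec = 0; nosuid = 0
        for (i = 1; i <= n; i++) {
            if (o[i] == "ro")     ro = 1
            if (o[i] == "noexec") noexec = 1
            if (o[i] == "nosuid") nosuid = 1
        }
        # Mountpoints that hold executables or libraries inside the jail.
        bins = ($2 ~ /\/(bin|sbin|lib|libexec)$/)
        if (bins && !ro)         print "FAIL", $2, "binaries-mounted-writable"
        else if (bins)           print "OK",   $2, "binaries-read-only"
        else if (!ro && !noexec) print "FAIL", $2, "writable-and-executable"
        else if (!ro && !nosuid) print "WARN", $2, "writable-without-nosuid"
        else                     print "OK",   $2, "data-share-restricted"
    }'
}

# Constructed sample input; the mail spool paths follow the message above,
# /jail1 and /secure/files/www are made up for the example.
sample_fstab() {
    cat <<'EOF'
# source            mountpoint                                           type   options
/secure/files/mail  /secure/internal/smtp/postfix/server/var/spool/mail  nullfs rw,noexec,nosuid,nodev 0 0
/secure/files/mail  /secure/internal/imap/courier/server/var/spool/mail  nullfs rw,noexec,nosuid,nodev 0 0
/bin                /jail1/bin                                           nullfs ro 0 0
/sbin               /jail1/sbin                                          nullfs rw 0 0
/secure/files/www   /jail1/var/www                                       nullfs rw,nosuid 0 0
/dev/ad0s1a         /                                                    ufs    rw 1 1
EOF
}

# Number of FAIL findings for the fstab text on stdin.
count_failures() { audit_nullfs | grep -c '^FAIL' || true; }

sample_fstab | audit_nullfs
```

To audit a real host, feed it the live table with `audit_nullfs < /etc/fstab` and extend the directory pattern to match the jail layout in use.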