From owner-freebsd-hackers  Tue Nov 12 19: 8:49 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2A5C837B401
	for <freebsd-hackers@freebsd.org>; Tue, 12 Nov 2002 19:08:48 -0800 (PST)
Received: from web12801.mail.yahoo.com (web12801.mail.yahoo.com [216.136.174.36])
	by mx1.FreeBSD.org (Postfix) with SMTP id D46C843E91
	for <freebsd-hackers@freebsd.org>; Tue, 12 Nov 2002 19:08:47 -0800 (PST)
	(envelope-from zaunere@yahoo.com)
Message-ID: <20021113030847.69266.qmail@web12801.mail.yahoo.com>
Received: from [66.114.70.134] by web12801.mail.yahoo.com via HTTP; Tue, 12 Nov 2002 19:08:47 PST
Date: Tue, 12 Nov 2002 19:08:47 -0800 (PST)
From: Hans Zaunere <zaunere@yahoo.com>
Subject: Shared files within a jail
To: freebsd-hackers@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG


After much searching and contemplation, I've decided to ask the
question directly:

I'm implementing a jail server, which will provide a very limited set
of resources (Apache/MySQL/PHP).  Setup is going well, however I've run
into a little snag that I hope can be worked out.

I want to allow the users the ability to compile and use their own
instances of Apache and MySQL from within the jail.  But instead of
duplicating the basic system libs and bins, I'd like to maintain a
single repository of this, which can then be read-only from within the
jail.  Options:

-- Symlinks won't work because of the chroot.
-- Mounts from within the jail aren't allowed, plus a single partition
can't be mounted multiple times, AFAIK.
-- I don't have NFS setup, and I would like to avoid it as much as
possible.
-- mount_null seems to be the answer, however the warning at the end of
the man page is scary.

Is there any combination of these (or anything I'm forgetting) that
could help me here?  Is mount_null stable?

I've had an account on a jail server which had /shared visible within
the jail, and symlinks to /bin, /usr/lib and such.  I'm not sure how
this was actually implemented, and I'd be interested if anyone has seen
or heard of any solutions to this type of problem.

Best,



=====
Hans Zaunere
New York PHP
http://nyphp.org
hans@nyphp.org

__________________________________________________
Do you Yahoo!?
U2 on LAUNCH - Exclusive greatest hits videos
http://launch.yahoo.com/u2

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message