Date: Fri, 27 Sep 2002 18:21:27 +0200 (CEST) From: Oliver Fromme <olli@secnetix.de> To: freebsd-questions@FreeBSD.ORG, erdgeist@gate5.de Subject: Re: mounting /usr/ports to multiple jails Message-ID: <200209271621.g8RGLRTW044587@lurza.secnetix.de> In-Reply-To: <Pine.BSF.4.43.0209271730070.26761-100000@orion.gate5.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Dirk Engling <erdgeist@gate5.de> wrote: > Well, this is not the problem, I do have with NFS. I, honestly, > do not want to have that mountd/portmap/nfsd on my host system, > as it proved to be "insecure on some occasions". I don't think so. If you bind everything to localhost only, export /usr/ports to localhost only (and read-only), I don't really see a security problem. There's also IPFW. (If you're paranoid, make /usr/ports a separate partition.) > This, also, is not the real problem with hardlinks. It simply > would not solve my inode problem. It would, because the hardlinks do not use additional inodes. Well, the directories of the shadow trees would use some, of course, but that's a lot less than the whole ports tree (24,249 vs. 113,096 inodes on a ports tree five minutes old). > And the daily update for > the users ports would be hell :) *ugh* Why daily? That's overkill, IMO. I'd do it no more often than once per week or fortnight. > What I really hoped to hear was something like: Oh well, we > finally fixed all the bugs in mount_nullfs but forgot to update > the man-page :) I'm afraid that's not the answer. :-) I still recommend the loopback-NFS solution. Regards Oliver -- Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. "All that we see or seem is just a dream within a dream" (E. A. Poe) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200209271621.g8RGLRTW044587>