From: Oliver Fromme
To: freebsd-questions@FreeBSD.ORG, erdgeist@gate5.de
Date: Fri, 27 Sep 2002 18:21:27 +0200 (CEST)
Subject: Re: mounting /usr/ports to multiple jails
Message-Id: <200209271621.g8RGLRTW044587@lurza.secnetix.de>

Dirk Engling wrote:
> Well, this is not the problem, I do have with NFS. I, honestly,
> do not want to have that mountd/portmap/nfsd on my host system,
> as it proved to be "insecure on some occasions".

I don't think so. If you bind everything to localhost only,
export /usr/ports to localhost only (and read-only), I don't
really see a security problem. There's also IPFW.
(If you're paranoid, make /usr/ports a separate partition.)

> This, also, is not the real problem with hardlinks. It simply
> would not solve my inode problem.

It would, because the hardlinks do not use additional inodes.
Well, the directories of the shadow trees would use some, of
course, but that's a lot less than the whole ports tree
(24,249 vs. 113,096 inodes on a ports tree five minutes old).

> And the daily update for
> the users ports would be hell :)

*ugh* Why daily? That's overkill, IMO. I'd do it no more
often than once per week or fortnight.

> What I really hoped to hear was something like: Oh well, we
> finally fixed all the bugs in mount_nullfs but forgot to update
> the man-page :)

I'm afraid that's not the answer. :-)
I still recommend the loopback-NFS solution.

Regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"All that we see or seem is just a dream within a dream" (E. A. Poe)
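
The inode argument in the reply above, as an added example that is not part of the original message: a shadow tree built from hardlinks costs one new inode per directory and none per file. The miniature tree, the paths and the function names (`count_inodes`, `make_shadow`, `demo`) are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; the tree below is a constructed stand-in for /usr/ports.

# Count the distinct inodes used by everything beneath the given directories.
count_inodes() {
    find "$@" -exec ls -di {} + | awk '{print $1}' | sort -u | wc -l | tr -d ' '
}

# Build a shadow tree: directories are created fresh (one inode each),
# regular files are hardlinked to the master copy (no new inode).
# Simplification: file names are assumed to contain no newlines.
make_shadow() {
    master=$1
    shadow=$2
    mkdir -p "$shadow"
    (cd "$master" && find . -type d) | while read -r d; do
        mkdir -p "$shadow/$d"
    done
    (cd "$master" && find . -type f) | while read -r f; do
        ln "$master/$f" "$shadow/$f"
    done
}

# Build a 6-directory, 5-file master tree, shadow it once, and report
# "<inodes before> <inodes after>".
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/master/editors/vim/files" "$work/master/shells/zsh"
    for f in editors/vim/Makefile editors/vim/distinfo \
             editors/vim/files/patch-aa \
             shells/zsh/Makefile shells/zsh/pkg-descr; do
        echo sample > "$work/master/$f"
    done
    before=$(count_inodes "$work/master")
    make_shadow "$work/master" "$work/jail1"
    after=$(count_inodes "$work/master" "$work/jail1")
    rm -rf "$work"
    echo "$before $after"
}

# 11 inodes for the master; the shadow adds only its 6 directories.
demo   # prints "11 17"
```

Hardlinks only work within one filesystem, and a hardlinked file is the same file in every shadow tree, so a write through one jail's copy is visible in all of them.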