From owner-freebsd-fs@FreeBSD.ORG Thu Mar 29 20:29:02 2012 Return-Path: Delivered-To: freebsd-fs@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 68CF4106566C for ; Thu, 29 Mar 2012 20:29:02 +0000 (UTC) (envelope-from peterjeremy@acm.org) Received: from mail12.syd.optusnet.com.au (mail12.syd.optusnet.com.au [211.29.132.193]) by mx1.freebsd.org (Postfix) with ESMTP id ECBEC8FC14 for ; Thu, 29 Mar 2012 20:29:01 +0000 (UTC) Received: from server.vk2pj.dyndns.org (c220-239-116-103.belrs4.nsw.optusnet.com.au [220.239.116.103]) by mail12.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id q2TKSmwj027516 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 30 Mar 2012 07:28:50 +1100 X-Bogosity: Ham, spamicity=0.000000 Received: from server.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1]) by server.vk2pj.dyndns.org (8.14.5/8.14.4) with ESMTP id q2TKSmv2077281; Fri, 30 Mar 2012 07:28:48 +1100 (EST) (envelope-from peter@server.vk2pj.dyndns.org) Received: (from peter@localhost) by server.vk2pj.dyndns.org (8.14.5/8.14.5/Submit) id q2TKSldL077280; Fri, 30 Mar 2012 07:28:47 +1100 (EST) (envelope-from peter) Date: Fri, 30 Mar 2012 07:28:46 +1100 From: Peter Jeremy To: Beeblebrox Message-ID: <20120329202846.GB76833@server.vk2pj.dyndns.org> References: <0685CC3A-753B-4C5B-9E15-C0565B48F885@ultra-secure.de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="b5gNqxB1S1yM7hjW" Content-Disposition: inline In-Reply-To: X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-fs@freebsd.org Subject: Re: jailed NFS server X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Mar 2012 20:29:02 -0000 --b5gNqxB1S1yM7hjW Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2012-Mar-29 05:12:43 +0300, Beeblebrox wrote: >Maybe I will give unfs3 a try. However, One of the reasons I'm trying to >set it up is to be able to run Tinderbox on that jail for distributed >compiling. When I did a little searching about unfs3 + Tinderbox + jail, it >came up with posts about problems and that such setup "does not give good >results". Whilst I've not used unfs3 on FreeBSD, I do use it on Solaris to allow me to NFS export a (ZFS) filesystem from within a zone. My experience is that it works reasonably well, given its limitations: - It's single-threaded. This isn't an issue for me because there are only a couple of light users. It would be useless as a server for more than that. - There's no support for locking (lockd/statd). - A user who has shell access to the server and can mount a filesystem via unfs3 can DoS the NFS server by killing the unfs3 daemon. I did find it necessary to fix a number of bugs along the way. --=20 Peter Jeremy --b5gNqxB1S1yM7hjW Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iEYEARECAAYFAk90xf4ACgkQ/opHv/APuIesSQCguoXSaV6TSmkRYFULzOXK0IbR 6GQAn0S4CejOvOpK9oJVBF1ePLRx8fr8 =ONrg -----END PGP SIGNATURE----- --b5gNqxB1S1yM7hjW--