Date: Fri, 30 Mar 2012 07:28:46 +1100 From: Peter Jeremy <peterjeremy@acm.org> To: Beeblebrox <zaphod@berentweb.com> Cc: freebsd-fs@freebsd.org Subject: Re: jailed NFS server Message-ID: <20120329202846.GB76833@server.vk2pj.dyndns.org> In-Reply-To: <CAPSTsku7fefaJQ-whx3OecNhU%2BvLHDcRtFc=iThQY-xoN_uBxA@mail.gmail.com> References: <CAPSTskvLbixeyYW9BWFR0bSfJ3%2Br59ZYHHLyJAaYFERobO6O=w@mail.gmail.com> <0685CC3A-753B-4C5B-9E15-C0565B48F885@ultra-secure.de> <CAPSTsku7fefaJQ-whx3OecNhU%2BvLHDcRtFc=iThQY-xoN_uBxA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--b5gNqxB1S1yM7hjW Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2012-Mar-29 05:12:43 +0300, Beeblebrox <zaphod@berentweb.com> wrote: >Maybe I will give unfs3 a try. However, One of the reasons I'm trying to >set it up is to be able to run Tinderbox on that jail for distributed >compiling. When I did a little searching about unfs3 + Tinderbox + jail, it >came up with posts about problems and that such setup "does not give good >results". Whilst I've not used unfs3 on FreeBSD, I do use it on Solaris to allow me to NFS export a (ZFS) filesystem from within a zone. My experience is that it works reasonably well, given its limitations: - It's single-threaded. This isn't an issue for me because there are only a couple of light users. It would be useless as a server for more than that. - There's no support for locking (lockd/statd). - A user who has shell access to the server and can mount a filesystem via unfs3 can DoS the NFS server by killing the unfs3 daemon. I did find it necessary to fix a number of bugs along the way. --=20 Peter Jeremy --b5gNqxB1S1yM7hjW Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iEYEARECAAYFAk90xf4ACgkQ/opHv/APuIesSQCguoXSaV6TSmkRYFULzOXK0IbR 6GQAn0S4CejOvOpK9oJVBF1ePLRx8fr8 =ONrg -----END PGP SIGNATURE----- --b5gNqxB1S1yM7hjW--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120329202846.GB76833>