Date: Tue, 2 Mar 2010 14:52:16 +0000
From: mark@coreland.ath.cx
To: Dag-Erling Smørgrav
Cc: Greg Larkin, freebsd-hackers@FreeBSD.org
Subject: Re: package building failure irritation
Message-ID: <20100302145216.GA60987@logik.internal.network>

On 2010-03-02 11:00:45, Dag-Erling Smørgrav wrote:
> xorquewasp@googlemail.com writes:
> > Basically, I have a ton of jails and each jail mounts a shared 'tmp',
>
> That's not a good idea, there are too many opportunities for conflicts
> (software that creates sockets and state directories with non-randomized
> names in /tmp) and might even allow a compromised jail to compromise the
> others.

Don't panic. It's actually mounted at /shared_tmp as an explicit means
for jails to communicate via the filesystem. In other words, it's known
to be unsafe. I use it to sandbox programs to some extent (download a pdf
on the host into /shared_tmp and open it in a pdf reader in a jail that
has no network or other filesystem access). The jails also aren't
externally accessible.

> zfs set mountpoint=/jail/8.0-amd64-mk4 storage/jails/8.0/x86_64/mk4
>
> Children of storage/jails/8.0/x86_64/mk4 will inherit this property, so
> they will automatically appear where you expect; alternatively, you can
> set the mountpoint property for each individual fileset.

I see. Is it possible to define multiple mountpoints (to emulate what
nullfs provides)?

xw