From owner-freebsd-hackers@FreeBSD.ORG Wed Apr 20 15:12:11 2005
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6667116A4CE; Wed, 20 Apr 2005 15:12:11 +0000 (GMT)
Received: from grummit.biaix.org (86.Red-213-97-212.pooles.rima-tde.net [213.97.212.86]) by mx1.FreeBSD.org (Postfix) with SMTP id AC4C043D3F; Wed, 20 Apr 2005 15:12:09 +0000 (GMT) (envelope-from lists-freebsd-hackers@biaix.org)
Received: (qmail 15719 invoked by uid 1000); 20 Apr 2005 15:11:04 -0000
Date: Wed, 20 Apr 2005 17:11:04 +0200
From: Joan Picanyol i Puig
To: freebsd-hackers@freebsd.org
Message-ID: <20050420151104.GA11753@grummit.biaix.org>
Mail-Followup-To: freebsd-hackers@freebsd.org
References: <20050420135013.GE91329@obiwan.tataz.chchile.org> <20050420143715.GF91329@obiwan.tataz.chchile.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050420143715.GF91329@obiwan.tataz.chchile.org>
User-Agent: Mutt/1.5.6i
Subject: Re: Configuration differences for jails
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
X-List-Received-Date: Wed, 20 Apr 2005 15:12:11 -0000

* Jeremie Le Hen [20050420 16:37]:
> > Now with some distance, I must admit that all these gymnastics are quite
> > boring. I have now decided to run two virtual hosts, as they are managed in
> > a very natural way. These two hosts are just like two real boxes, one
> > running Bind and the other one running Postfix. When I need to update
> > something in the configuration, I log in to the box with ssh(1). This
> > takes some more memory and in principle no CPU, as all processes are
> > sleeping most of the time.
> > I forgot to explain that using virtual hosts requires some
> > administration too in order to avoid wasting disk space. The jail(8)
> > manual page advises making world with DESTDIR set. I prefer using
> > null mounts, as it doesn't require additional disk space and an upgrade
> > of the host will automagically upgrade the virtual hosts. You will
> > nevertheless have to make distribution and distrib-dirs. Here are the
> > directories I advise you to share:
> >
> > /bin /sbin /lib /libexec
> > /usr/bin /usr/sbin /usr/lib /usr/libexec /usr/libdata /usr/share
> > /usr/doc /usr/compat /usr/ports

I'm trying to untangle myself on this issue. I have different filesystems
for /, /usr, and /usr/local, mounted in unusual places:

504,p0,1$ ls -l /usr{,/X11R6,/local}
lrwxr-xr-x  1 root  wheel  18  7 nov   2003 /usr -> fs/base/mount/usr/
lrwxr-xr-x  1 root  wheel  25  8 nov   2003 /usr/X11R6 -> ../../../apps/mount/X11R6
lrwxr-xr-x  1 root  wheel  25 18 abr  20:40 /usr/local -> ../../../apps/mount/local

I know I want to share /usr, but not /usr/local, and only parts of /. So
I mount_unionfs /fs/base inside the jail:

:/fs/base/mount on /fs/jaildata/mount/fs/base/mount (unionfs, local, read-only, noclusterw)

But this way I don't get the "automagically upgrade virtual hosts"
behaviour I want, since I'm missing /{,s}bin, /lib and /libexec, and I
definitely don't want to share /etc. I don't think it's easy to take /etc/
outside the root fs, but I don't see how to share /bin or /lib without
leaking info.

How do you handle this? What are those distribution targets and how can I
use them?

tks
--
pica
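The null-mount layout Jeremie describes, and the concern Joan raises about sharing too much of the host into a jail, can both be made concrete with a small shell script. This is an added example, not code from either poster or from the FreeBSD project: it generates the fstab(5) lines that share the suggested base-system directories into a jail root via read-only nullfs mounts, and it audits mount(8) output for shared directories that ended up writable or that should never be shared (/etc, /var, /usr/local). The jail root /usr/jails/ns and the mount listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a jail root of /usr/jails/ns
# and the base-system directories the thread suggests sharing via nullfs.

# Directories shared from the host (the list quoted in the thread, minus
# /usr/doc and /usr/compat which may not exist on every host).
SHARED_DIRS="/bin /sbin /lib /libexec /usr/bin /usr/sbin /usr/lib /usr/libexec /usr/libdata /usr/share /usr/ports"

# gen_jail_fstab JAILROOT
# Emit one fstab(5) line per shared directory. Each mount is read-only so a
# compromised jail cannot modify host binaries; /etc, /var and /usr/local are
# deliberately never shared, so the jail keeps its own configuration.
gen_jail_fstab() {
    jailroot=$1
    for d in $SHARED_DIRS; do
        printf '%s %s nullfs ro 0 0\n' "$d" "${jailroot}${d}"
    done
}

# audit_jail_mounts JAILROOT < mount-output
# Read mount(8) lines of the form "SRC on MNT (opts, ...)" and print one
# finding per nullfs mount under JAILROOT that is writable or that shares a
# directory the jail should own itself.
audit_jail_mounts() {
    jailroot=$1
    while read -r src _on mnt opts; do
        case $opts in *nullfs*) ;; *) continue ;; esac       # only null mounts
        case $mnt in "$jailroot"/*) ;; *) continue ;; esac   # only this jail
        case $src in
            /etc|/etc/*|/var|/var/*|/usr/local|/usr/local/*)
                printf 'unexpected share: %s on %s\n' "$src" "$mnt" ;;
        esac
        case $opts in
            *read-only*) ;;
            *) printf 'writable share: %s on %s\n' "$src" "$mnt" ;;
        esac
    done
}

# Constructed mount(8) output: one correct share, one writable share,
# one share of /etc that should not be there.
SAMPLE_MOUNT=$(cat <<'EOF'
/dev/ad0s1a on / (ufs, local)
/bin on /usr/jails/ns/bin (nullfs, local, read-only)
/usr/lib on /usr/jails/ns/usr/lib (nullfs, local)
/etc on /usr/jails/ns/etc (nullfs, local, read-only)
EOF
)

# Stand-alone run: print the generated fstab, then the audit findings.
gen_jail_fstab /usr/jails/ns
printf '%s\n' "$SAMPLE_MOUNT" | audit_jail_mounts /usr/jails/ns
```

On a real host the generated lines go into the jail's fstab file (for example the file named by the jail's fstab setting, or mounted with mount -a -F) and the audit reads the live output of mount(8). The read-only option is the important part: a null mount of /bin that is writable turns the jail into a path for replacing host binaries.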