Date: Wed, 20 Apr 2005 18:56:00 +0200
From: Jeremie Le Hen
To: freebsd-hackers@freebsd.org
Subject: Re: Configuration differences for jails
Message-ID: <20050420165559.GI91329@obiwan.tataz.chchile.org>
In-Reply-To: <20050420151104.GA11753@grummit.biaix.org>

> I'm trying to untangle myself on this issue.
> I have different filesystems for /, /usr, and /usr/local, mounted in
> unusual places:
>
> 504,p0,1$ ls -l /usr{,/X11R6,/local}
> lrwxr-xr-x 1 root wheel 18 7 nov 2003 /usr -> fs/base/mount/usr/
> lrwxr-xr-x 1 root wheel 25 8 nov 2003 /usr/X11R6 ->
> ../../../apps/mount/X11R6
> lrwxr-xr-x 1 root wheel 25 18 abr 20:40 /usr/local ->
> ../../../apps/mount/local
>
> I know I want to share /usr, but not /usr/local, and only parts of /. So
> I mount_unionfs /fs/base inside the jail:
>
> :/fs/base/mount on /fs/jaildata/mount/fs/base/mount (unionfs,
> local, read-only, noclusterw)
>

mount_nullfs(8) will mount one directory and all its content onto
another one, but there is no way to exclude one of the subdirectories.
You will instead have to mount each subdirectory you need, not more.
Another way to achieve this is to make a second null mount over the
directory you don't want to share (/usr/local), but I'm not aware of
the consequences of such a setup in terms of performance and stability.

> But this way I don't get the "automagically upgrade virtual hosts"
> behaviour I want, since I'm missing /{,s}bin, /lib and /libexec and I
> definitely don't want to share /etc.

You won't have a one-to-one mapping between jail and null mounts.
There are generally multiple null mounts for a unique jail.
Considering your jail root is /jail/test, and you enabled the
jail_$jail_mount (jail_test_mount here) rc.conf(5) variable, here is
the content of /etc/fstab.test:

%%%
/bin            /jail/test/bin            nullfs  ro  0  0
/sbin           /jail/test/sbin           nullfs  ro  0  0
/lib            /jail/test/lib            nullfs  ro  0  0
/libexec        /jail/test/libexec        nullfs  ro  0  0
/usr/bin        /jail/test/usr/bin        nullfs  ro  0  0
/usr/sbin       /jail/test/usr/sbin       nullfs  ro  0  0
/usr/lib        /jail/test/usr/lib        nullfs  ro  0  0
/usr/libexec    /jail/test/usr/libexec    nullfs  ro  0  0
/usr/libdata    /jail/test/usr/libdata    nullfs  ro  0  0
/usr/share      /jail/test/usr/share      nullfs  ro  0  0
/usr/compat     /jail/test/usr/compat     nullfs  ro  0  0
%%%

> I don't think it's easy to take /etc/ outside the root fs, but I don't
> see how to share /bin or /lib without leaking info.
>
> How do you handle this? What are those distribution targets and how can
> I use them?

As I said above, null mount each directory.

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
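
An added example, not part of the original message or of FreeBSD's rc scripts: a small audit of a per-jail fstab like the one above, checking that every null mount is read-only, lands under the jail root at the mirrored path, and does not share (or sit above) a directory the thread wants kept private. The function names `check_jail_fstab` and `sample_fstab` are hypothetical, the deny list (/etc, /usr/local) is taken from the thread, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original message): audit a jail fstab of null mounts.
# Usage: check_jail_fstab JAILROOT FSTAB [DENIED_DIR...]
# JAILROOT is given without a trailing slash. Prints one line per finding;
# returns 0 when the file is clean and 1 when anything was flagged.
check_jail_fstab() {
    jailroot=$1 fstab=$2
    shift 2
    awk -v root="$jailroot" -v deny="$*" '
    BEGIN { n = split(deny, d, " "); bad = 0 }
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    $3 != "nullfs"       { next }            # only null mounts are audited
    {
        src = $1; dst = $2
        # "ro" must be an explicit option, or the jail can write to host files.
        ro = 0; m = split($4, o, ",")
        for (i = 1; i <= m; i++) if (o[i] == "ro") ro = 1
        if (!ro) { print "not read-only: " src " -> " dst; bad = 1 }
        # The mount point must mirror the source path under the jail root.
        if (dst != (root src)) { print "unexpected target: " src " -> " dst; bad = 1 }
        # Flag a denied directory, anything below it, and any parent of it:
        # a null mount cannot exclude a subdirectory of what it shares.
        s = (src == "/") ? "/" : (src "/")
        for (i = 1; i <= n; i++) {
            p = d[i] "/"
            if (index(s, p) == 1 || index(p, s) == 1) {
                print "shares denied path " d[i] ": " src; bad = 1
            }
        }
    }
    END { exit bad }
    ' "$fstab"
}

# Constructed sample: two entries from the message fstab plus four deliberate mistakes.
sample_fstab() {
    cat <<'EOF'
/bin        /jail/test/bin        nullfs ro 0 0
/usr/lib    /jail/test/usr/lib    nullfs ro 0 0
/usr/share  /jail/test/usr/share  nullfs rw 0 0
/etc        /jail/test/etc        nullfs ro 0 0
/usr        /jail/test/usr        nullfs ro 0 0
/sbin       /jail/other/sbin      nullfs ro 0 0
EOF
}
```

Run as `check_jail_fstab /jail/test /etc/fstab.test /etc /usr/local`; a non-zero exit status means at least one entry needs attention.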