From: Rob
Date: Sat, 11 Jun 2005 21:05:37 +0930
To: freebsd-questions@freebsd.org
Subject: Jails and filesystems

Fellow BSDers,

I'm trying to figure out the best layout for multiple jails. I'd like to share binaries across jails - patches and packages only need to be installed once, and it saves a lot of space.

So these directories would be shared and read-only:

/bin
/sbin
/usr (except /usr/local/etc)
/var/db/pkg

And these would be private:

/etc
/usr/local/etc
/var (except /var/db/pkg)

The current plan is to move all the shared stuff into /shared, and mount it read-only into each jail with nullfs. Then /usr/local/etc is moved into /private.

This is how it looks inside the jail:

> root@tak /tmp/3569/root # env - /usr/sbin/chroot `pwd` /usr/bin/login -f root
> Last login: Sat Jun 11 09:16:11 on tty??
> Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
> The Regents of the University of California. All rights reserved.
>
> root@tak ~ # cd /
> root@tak / # ll
> total 27
> drwxr-xr-x  13 root  wheel   512 Jun  9 14:38 .
> drwxr-xr-x  13 root  wheel   512 Jun  9 14:38 ..
> -rw-r--r--   1 root  wheel   802 Jan 21 15:46 .cshrc
> -rw-r--r--   1 root  wheel   251 Jan 21 15:46 .profile
> -r--r--r--   1 root  wheel  6117 Jan 21 15:46 COPYRIGHT
> lrwxr-xr-x   1 root  wheel    11 Jun  9 14:38 bin -> /shared/bin
> drwxr-xr-x   3 root  wheel   512 Jan 21 15:46 boot
> drwxr-xr-x   3 root  wheel  1536 Jun  9 14:01 dev
> drwxr-xr-x  16 root  wheel  2048 Jun  9 14:27 etc
> -rw-r--r--   1 root  wheel     0 Jun  9 14:01 kernel
> drwxr-xr-x   2 root  wheel   512 Jun  9 14:37 mnt
> drwxr-xr-x   2 root  wheel  4608 Jun  9 14:01 modules
> drwxr-xr-x   3 root  wheel   512 Jun  9 14:37 private
> dr-xr-xr-x   2 root  wheel   512 Jan 21 15:45 proc
> drwxr-xr-x   2 root  wheel   512 Jun 11 09:12 root
> lrwxr-xr-x   1 root  wheel    12 Jun  9 14:38 sbin -> /shared/sbin
> drwxr-xr-x   6 root  wheel   512 Jun  9 14:47 shared
> drwxrwxrwt   2 root  wheel   512 Jan 21 15:45 tmp
> lrwxr-xr-x   1 root  wheel    11 Jun  9 14:38 usr -> /shared/usr
> drwxr-xr-x  20 root  wheel   512 Jun  9 14:01 var
> root@tak / # ll usr/local var/db
> usr/local:
> total 2
> drwxr-xr-x   2 root  wheel   512 Jun  9 14:38 .
> drwxr-xr-x  14 root  wheel   512 Jun  9 14:26 ..
> lrwxr-xr-x   1 root  wheel    12 Jun  9 14:38 etc -> /private/etc
>
> var/db:
> total 3
> drwxr-xr-x   3 root    wheel   512 Jun  9 14:47 .
> drwxr-xr-x  20 root    wheel   512 Jun  9 14:01 ..
> drwx------   2 root    wheel   512 Jan 21 15:45 ipf
> -rw-r--r--   1 nobody  wheel     0 Jan 21 15:46 locate.database
> -rw-r--r--   1 root    wheel     0 Jun  9 14:01 mountdtab
> lrwxr-xr-x   1 root    wheel    11 Jun  9 14:47 pkg -> /shared/pkg
> root@tak / # ll shared private
> private:
> total 3
> drwxr-xr-x   3 root  wheel   512 Jun  9 14:37 .
> drwxr-xr-x  13 root  wheel   512 Jun  9 14:38 ..
> drwxr-xr-x   2 root  wheel   512 Jun  9 14:27 etc
>
> shared:
> total 7
> drwxr-xr-x   6 root  wheel   512 Jun  9 14:47 .
> drwxr-xr-x  13 root  wheel   512 Jun  9 14:38 ..
> drwxr-xr-x   2 root  wheel  1024 Jun  9 14:26 bin
> drwxr-xr-x   2 root  wheel   512 Jun  9 14:47 pkg
> drwxr-xr-x   2 root  wheel  2048 Jun  9 14:26 sbin
> drwxr-xr-x  14 root  wheel   512 Jun  9 14:26 usr

I think this will work, but it seems kind of messy. Am I missing a simpler way?

Thanks

Rob.
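
The layout described in the message above, as an added example that is not part of the original post: POSIX sh functions that build the shared tree and one jail root with the same symlinks, print the read-only nullfs mount, and check that the shared paths really are links into /shared. The function names and the host-side paths passed to them are assumptions; the mount command is only printed, never run.

```sh
#!/bin/sh
# Added example. Function names and host paths are hypothetical.

# Populate the tree that every jail will see read-only at /shared.
build_shared() {
    shared=$1
    mkdir -p "$shared/bin" "$shared/sbin" "$shared/usr/local" "$shared/pkg"
    # This link lives in the shared tree but points at a per-jail path, so
    # each jail gets its own /usr/local/etc although /usr itself is shared.
    ln -sfn /private/etc "$shared/usr/local/etc"
}

# Create one jail root: private directories plus absolute symlinks that
# resolve as intended only from inside the chroot/jail rooted at $root.
build_jail() {
    root=$1
    mkdir -p "$root/shared" "$root/private/etc" "$root/etc" \
             "$root/var/db" "$root/tmp" "$root/root"
    chmod 1777 "$root/tmp"
    for d in bin sbin usr; do
        ln -sfn "/shared/$d" "$root/$d"
    done
    ln -sfn /shared/pkg "$root/var/db/pkg"
}

# Print (do not run) the read-only nullfs mount for one jail.
# $1 = shared tree on the host, $2 = jail root on the host.
nullfs_cmd() {
    printf 'mount_nullfs -o ro %s %s/shared\n' "$1" "$2"
}

# Check that each path meant to be shared is a symlink into /shared.
# A real directory in its place would be a writable per-jail copy that
# no longer follows patches applied to the shared tree.
audit_jail() {
    root=$1; rc=0
    for d in bin sbin usr var/db/pkg; do
        case $(readlink "$root/$d") in
            /shared/*) ;;
            *) echo "not shared: $d"; rc=1 ;;
        esac
    done
    return $rc
}
```

Because the links are absolute, they point at the host's own /shared when inspected from outside the jail, which is why `audit_jail` compares the link text instead of following it.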