Date: Sat, 11 Jun 2005 14:55:58 +0200
From: Björn König <bkoenig@cs.tu-berlin.de>
To: Rob <rob@deathbeforedecaf.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: Jails and filesystems
Message-ID: <42AADF5E.5060105@cs.tu-berlin.de>
In-Reply-To: <bf0cb71c4d68e703938b2c0c986c196d@deathbeforedecaf.net>
References: <bf0cb71c4d68e703938b2c0c986c196d@deathbeforedecaf.net>

Rob wrote:
> I'm trying to figure out the best layout for multiple jails.
>
> I'd like to share binaries across jails - patches and packages only need
> to be installed once, and it saves a lot of space. So these directories
> would be shared and read-only:
[...]

You can also use mount_unionfs with option -b. For instance, you have a
template jail, let's say in /usr/jail/template, and a jail in
/usr/jail/myjail. You can now mount the template to the jail directory:

    mount_unionfs -b /usr/jail/template /usr/jail/myjail

It's not read-only. Now you have all files of the template in myjail and
you can even overwrite or delete them if you like; the template remains
untouched.

unionfs treats the mounted directory and the mount point as two layers:
an upper layer where all changes are stored and a lower layer which is
not writable through the upper layer. The option -b inverts the position
of these layers.

I'll give some practical examples: If you access the myjail directory,
then you can imagine that you look from the top onto the upper layer and
in some cases you look through the upper layer to the lower layer.

       (1)        (2)            (3)
        |          |              |
+-------|----------|--------------|--------+
| upper layer: /usr/jail/myjail   |        |
|       |          |              |        |
|       |          V              X        |
|       |    /etc/rc.conf                  |
+-------|----------------------------------+
| lower layer: /usr/jail/template          |
|       |                                  |
|       V                                  |
|    /bin/sh /etc/rc.conf   /usr/bin/gcc   |
+------------------------------------------+

(1) /bin/sh exists in the template, but not in myjail. You'll access
    the file of the lower layer.

(2) At first /etc/rc.conf exists in the template only. Then you decide
    that you want to make some changes to the file and you save it.
    It's stored in the upper layer and from now on you access your
    changed file only. The file exists in two different versions in
    both layers.

(3) You don't need /usr/bin/gcc in your jail? Just delete it. The
    template remains untouched, but you can't access it anymore; not
    even if you remount your unionfs.

Please test the use of unionfs copiously. Read the manpage
mount_unionfs(8), especially the BUGS section. I know some users who
never had problems with unionfs and jails, but you should be careful
with it nevertheless.

Regards
Björn
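
The three cases from the diagram in the message above, as a simplified model of the two-layer lookup. This is an added example, not part of the original post and not unionfs code; the class name UnionView, the WHITEOUT marker used to record a deletion, and the sample file contents are assumptions made for the illustration.

```python
# Simplified model of the two-layer lookup described above (not unionfs code).
WHITEOUT = object()  # assumed marker: "this name was deleted in the upper layer"

class UnionView:
    """What a process sees at the mount point; names here are hypothetical."""
    def __init__(self, lower, upper=None):
        self.lower = lower                            # template, never written
        self.upper = {} if upper is None else upper   # jail, receives all changes

    def read(self, path):
        if path in self.upper:                        # upper layer wins
            if self.upper[path] is WHITEOUT:
                raise FileNotFoundError(path)         # case (3): hidden
            return self.upper[path]                   # case (2): changed copy
        if path in self.lower:
            return self.lower[path]                   # case (1): look through
        raise FileNotFoundError(path)

    def write(self, path, data):
        self.upper[path] = data                       # lower copy stays as it was

    def delete(self, path):
        self.read(path)                               # must be visible to delete
        if path in self.lower:
            self.upper[path] = WHITEOUT               # mask the template's file
        else:
            del self.upper[path]

    def listing(self):
        names = set(self.lower) | set(self.upper)
        return sorted(n for n in names if self.upper.get(n) is not WHITEOUT)

def demo():
    # Constructed sample contents for the three files in the diagram.
    template = {"/bin/sh": "sh", "/etc/rc.conf": "template conf", "/usr/bin/gcc": "gcc"}
    before = dict(template)
    jail = UnionView(template)
    first = jail.read("/bin/sh")                      # (1)
    jail.write("/etc/rc.conf", "jail conf")           # (2)
    jail.delete("/usr/bin/gcc")                       # (3)
    remounted = UnionView(template, jail.upper)       # same upper layer again
    return {"sh": first, "conf": remounted.read("/etc/rc.conf"),
            "visible": remounted.listing(), "template_untouched": template == before}

if __name__ == "__main__":
    print(demo())
```

Because the deletion is recorded in the upper layer, a second view built over the same two layers still hides /usr/bin/gcc while the template dictionary is unchanged.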