Date: Mon, 22 Sep 2008 11:36:48 +0400 From: Michael Lednev <michaek@mail.ru> To: Matt Fioravante <fmatthew5876@gmail.com> Cc: freebsd-questions@FreeBSD.org Subject: Re: Shared /usr in jails Message-ID: <48D74B10.5020106@mail.ru> In-Reply-To: <3eca10930809212301t207b6d08p26eb27294350227a@mail.gmail.com> References: <3eca10930809212301t207b6d08p26eb27294350227a@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Matt Fioravante пишет: > I want to implement a number of jails for different services on a single > box. > > Since /usr is the same everywhere I'd like to just mount one copy of it > read-only to all the jails and then have them each have their own /usr/local > > Someone recommended keeping the main system's /usr separate. This would mean > building a /usr for the main system and then making a copy of it > to be shared by the jails. > > Aesthetics and philosophy aside, are there any real security holes in just > using the systems /usr everywhere if it is mounted read only in the jails? > THis seems to be the > approach used by solaris zones. > > You can try ports/sysutils/ezjail
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48D74B10.5020106>