From owner-freebsd-questions@FreeBSD.ORG Mon Sep 22 07:36:54 2008
From: Michael Lednev
Date: Mon, 22 Sep 2008 11:36:48 +0400
To: Matt Fioravante
Cc: freebsd-questions@FreeBSD.org
Subject: Re: Shared /usr in jails
Message-ID: <48D74B10.5020106@mail.ru>
In-Reply-To: <3eca10930809212301t207b6d08p26eb27294350227a@mail.gmail.com>

Matt Fioravante writes:
> I want to implement a number of jails for different services on a single
> box.
>
> Since /usr is the same everywhere I'd like to just mount one copy of it
> read-only to all the jails and then have them each have their own /usr/local.
>
> Someone recommended keeping the main system's /usr separate. This would mean
> building a /usr for the main system and then making a copy of it
> to be shared by the jails.
>
> Aesthetics and philosophy aside, are there any real security holes in just
> using the system's /usr everywhere if it is mounted read only in the jails?
> This seems to be the approach used by Solaris zones.

You can try ports/sysutils/ezjail
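The layout the question describes (one host /usr nullfs-mounted read-only into every jail, plus a separate writable /usr/local per jail) only gives the intended protection if every such mount really carries the read-only option and every jail really has its own /usr/local mount. The following script is an added example, not code from the thread or from ezjail; it parses the output of FreeBSD's `mount` for that layout. The jail base directory `/jails`, the jail names and the sample `mount` output are constructed for the example, and the plain-/usr layout is assumed (ezjail's own basejail layout differs).

```sh
#!/bin/sh
# Check nullfs mounts of a shared /usr into jail roots under a base directory.
# Usage on a real host:  mount | find_writable_shared_usr /jails
#                        mount | find_missing_local_mount /jails

# Constructed sample of `mount` output for three jails (not a real host):
# "www" is configured as intended, "db" mounts /usr writable,
# "mail" has read-only /usr but no separate /usr/local mount.
SAMPLE_MOUNTS='/dev/ada0p2 on / (ufs, local, journaled soft-updates)
/usr on /jails/www/usr (nullfs, local, read-only)
/jails/www/usr_local on /jails/www/usr/local (nullfs, local)
/usr on /jails/db/usr (nullfs, local)
/jails/db/usr_local on /jails/db/usr/local (nullfs, local)
/usr on /jails/mail/usr (nullfs, local, read-only)'

# Print each jail-side /usr mount point whose source is the host /usr
# and whose option list lacks "read-only".  $1 = jails base dir; stdin = mount output.
find_writable_shared_usr() {
    base="$1"
    awk -v base="$base" '
        $1 == "/usr" && $2 == "on" && index($3, base "/") == 1 && $3 ~ /\/usr$/ {
            if ($0 !~ /read-only/) print $3
        }'
}

# Print each jail root that receives the shared /usr but has nothing mounted
# on <root>/usr/local, i.e. no writable /usr/local while /usr is read-only.
find_missing_local_mount() {
    base="$1"
    awk -v base="$base" '
        $2 == "on" && index($3, base "/") == 1 {
            root = $3; sub(/\/usr(\/local)?$/, "", root)
            if ($1 == "/usr" && $3 ~ /\/usr$/) shared[root] = 1
            if ($3 ~ /\/usr\/local$/) haslocal[root] = 1
        }
        END { for (r in shared) if (!(r in haslocal)) print r }'
}

# Run both checks against the constructed sample.
printf '%s\n' "$SAMPLE_MOUNTS" | find_writable_shared_usr /jails    # prints /jails/db/usr
printf '%s\n' "$SAMPLE_MOUNTS" | find_missing_local_mount /jails    # prints /jails/mail
```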