From: Jeremie Le Hen
To: Josef Karthauser
Cc: hackers@freebsd.org, fs@freebsd.org
Date: Thu, 15 Feb 2007 14:57:50 +0100
Subject: Re: nullfs and named pipes.
Message-ID: <20070215135750.GR64768@obiwan.tataz.chchile.org>
In-Reply-To: <20070204023711.GA3393@genius.tao.org.uk>

Hi Josef,

On Sun, Feb 04, 2007 at 02:37:11AM +0000, Josef Karthauser wrote:
> There appears to be a lot of confusion on the lists about this point
> as many people are trying to do this so as to make a single mysql
> server available from within a number of jails, for instance. However
> people appear to think that this is a limitation of the jail code, not a
> limitation of the null_fs code. Having named pipes work in null_fs
> filesystems would be a very handy thing indeed.

Note that all processes within a jail can only interfere with processes
from another jail or host as if they were on different machines. This
means they can communicate through PF_INET for instance but not PF_LOCAL.

IOW you have to think of your jails as if they were multiple boxes. You
should therefore make them communicate with networking sockets and
protect the latter with firewalling rules or tcpwrapper.

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
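
Added example, not part of the original message and not FreeBSD or libwrap code: a service reached over PF_INET applying a tcpwrapper-style, default-deny check on the peer address, which is the only identity a jail presents once it is treated as a separate machine. The function names, the CIDR rule format and the loopback demo are assumptions made for this illustration; it is a hand-written stand-in for hosts_access(), not libwrap itself.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if addr is inside "a.b.c.d/len", 0 if not, -1 if the rule is malformed
 * (the prefix length is mandatory, so "a.b.c.d/" can never mean /0). */
int cidr_match(struct in_addr addr, const char *cidr) {
    char net[16], junk;
    int len;
    struct in_addr base;
    if (sscanf(cidr, "%15[0-9.]/%d%c", net, &len, &junk) != 2) return -1;
    if (len < 0 || len > 32 || inet_pton(AF_INET, net, &base) != 1) return -1;
    uint32_t mask = len ? htonl(0xffffffffu << (32 - len)) : 0;
    return (addr.s_addr & mask) == (base.s_addr & mask);
}

/* Default-deny: the connected peer must match at least one allow rule. */
int peer_allowed(int fd, const char *const *rules, size_t nrules) {
    struct sockaddr_in peer;
    socklen_t plen = sizeof peer;
    if (getpeername(fd, (struct sockaddr *)&peer, &plen) != 0 || peer.sin_family != AF_INET)
        return 0;
    for (size_t i = 0; i < nrules; i++)
        if (cidr_match(peer.sin_addr, rules[i]) == 1) return 1;
    return 0;
}

/* Constructed demo: listener and client both on 127.0.0.1; returns the
 * verdict for the client (1 allow, 0 deny) or -1 if the sockets fail. */
int demo_loopback(const char *rule) {
    struct sockaddr_in sa = { .sin_family = AF_INET };
    socklen_t slen = sizeof sa;
    int verdict = -1, conn = -1;
    int srv = socket(PF_INET, SOCK_STREAM, 0), cli = socket(PF_INET, SOCK_STREAM, 0);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* sin_port 0: kernel picks a port */
    if (srv >= 0 && cli >= 0 &&
        bind(srv, (struct sockaddr *)&sa, sizeof sa) == 0 && listen(srv, 1) == 0 &&
        getsockname(srv, (struct sockaddr *)&sa, &slen) == 0 &&
        connect(cli, (struct sockaddr *)&sa, sizeof sa) == 0 &&
        (conn = accept(srv, NULL, NULL)) >= 0)
        verdict = peer_allowed(conn, &rule, 1);
    if (conn >= 0) close(conn);
    if (cli >= 0) close(cli);
    if (srv >= 0) close(srv);
    return verdict;
}
```

A source address identifies a jail only if the host's firewall stops other jails and outside hosts from using or spoofing it, so a check like this complements the firewalling rules rather than replacing them.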