Date:      Thu, 15 Feb 2007 14:57:50 +0100
From:      Jeremie Le Hen <jeremie@le-hen.org>
To:        Josef Karthauser <joe@FreeBSD.org>
Cc:        hackers@freebsd.org, fs@freebsd.org
Subject:   Re: nullfs and named pipes.
Message-ID:  <20070215135750.GR64768@obiwan.tataz.chchile.org>
In-Reply-To: <20070204023711.GA3393@genius.tao.org.uk>
References:  <20070204023711.GA3393@genius.tao.org.uk>

Hi Josef,

On Sun, Feb 04, 2007 at 02:37:11AM +0000, Josef Karthauser wrote:
> There appears to be a lot of confusion on the lists about this point
> as many people are trying to do this so as to make a single mysql
> server available from within a number of jails, for instance.  However
> people appear to think that this is a limitation of the jail code, not a
> limitation of the null_fs code.  Having named pipes work in null_fs
> filesystems would be a very handy thing indeed.

Note that all processes within a jail can only interfere with processes
from another jail or host as if they were on different machines.  This
means they can communicate through PF_INET for instance but not
PF_LOCAL.

IOW you have to think of your jails as if they were multiple boxes.
You should therefore make them communicate with networking sockets and
protect the latter with firewalling rules or tcpwrapper.

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >


