From owner-freebsd-stable  Mon Mar 12  7: 3:18 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from cisco.com (sword.cisco.com [161.44.208.100])
	by hub.freebsd.org (Postfix) with ESMTP id B0C8B37B722
	for <freebsd-stable@FreeBSD.ORG>; Mon, 12 Mar 2001 07:03:11 -0800 (PST)
	(envelope-from sjt@cisco.com)
Received: from sjt-u10.cisco.com (sjt-u10.cisco.com [10.85.30.63])
	by cisco.com (8.8.5-Cisco.1/8.8.8) with ESMTP id KAA26864;
	Mon, 12 Mar 2001 10:02:55 -0500 (EST)
From: Steve Tremblett <sjt@cisco.com>
Received: (sjt@localhost) by sjt-u10.cisco.com (8.8.5-Cisco.1/CISCO.WS.1.2) id KAA25352; Mon, 12 Mar 2001 10:02:54 -0500 (EST)
Message-Id: <200103121502.KAA25352@sjt-u10.cisco.com>
Subject: Re: nullfs et al
To: Jan.Grant@bristol.ac.uk (Jan Grant)
Date: Mon, 12 Mar 2001 10:02:54 -0500 (EST)
Cc: sjt@cisco.com (Steve Tremblett),
	freebsd-stable@FreeBSD.ORG (freebsd-stable)
In-Reply-To: <Pine.GSO.4.31.0103121440330.26600-100000@mail.ilrt.bris.ac.uk> from "Jan Grant" at Mar 12, 2001 02:42:09 PM
X-Mailer: ELM [version 2.5 PL1]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

+--- Jan Grant wrote:
| 
| > An alternative to this could be symlinks.  In a chroot()ed environment,
| > the user should see symlinks OUT of the jail as the actual files.
| >
| > Populate /usr/local/jail/bin, /usr/local/jail/usr/bin... with whatever
| > you want, and then just link /chroot/path/bin -> /usr/jail/bin...
| >
| > Then you eliminate the NFS overhead, but now links are eating all your
| > inodes...
| 
| I don't think this does what you think it does. If it _does_ work, then
| jail is so badly fragged that I'm surprised nobody has screamed yet.
| 
| Absolute symlinks should be interpreted relative to chroot; relative
| symlinks containing "../../../../.." should see chroot as the ceiling.
| 

my mistake - I used this before on another OS.  I have not tried this
on FreeBSD, so I can't attest to how it works.  On the system I did use
it on, the absolute symlinks were interpreted relative to the REAL /,
and the user only saw a regular file as opposed to the link.

-- 
Steve Tremblett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message