Date: Thu, 15 Sep 2005 12:59:43 +0200 From: Uwe Doering <gemini@geminix.org> To: Brandon Fosdick <bfoz@bfoz.net> Cc: freebsd-stable@freebsd.org, Robert Watson <rwatson@freebsd.org>, Lyndon Nerenberg <lyndon@orthanc.ca> Subject: Re: Jail to jail network performance? Message-ID: <4329541F.3060502@geminix.org> In-Reply-To: <4328E7E5.5050803@bfoz.net> References: <432753CF.6020001@bfoz.net> <4327CA3C.6050403@geminix.org> <E1D91BF4-2EC3-4535-A83E-A0D136C87B5E@orthanc.ca> <20050914110102.W33820@fledge.watson.org> <4328E7E5.5050803@bfoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Brandon Fosdick wrote: > Robert Watson wrote: > > (1) Modifying the name space exclusion assumption for jails, so that the > >> file system name spaces overlap. One way to do this is with nullfs. > > nullfs looks interesting. I was thinking about sharing files between jails using NFS, but it looks like nullfs would do the trick with better performance. Although the bugs section of the man page for mount_nullfs is rather scary. Does anyone have any experience with it? Does it actually work? > > If the point here is to make /tmp/mysql.sock show up in another jail's file space, can I use a symlink instead? Can a jailed process see the target of the symlink? Symlinks are just a path mapping mechanism performed by the kernel at lookup time, that is, before the actual access. In a jail only those parts of a filesystem are visible that are at or below the jail's root directory. The same goes for normal chroots. So if the symlink points to a location outside this scope you cannot access the object. Hardlinks would work, but only if the jails concerned live in the same filesystem. Though they can of course be confined in separate, non-overlapping parts of that filesystem. Uwe -- Uwe Doering | EscapeBox - Managed On-Demand UNIX Servers gemini@geminix.org | http://www.escapebox.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4329541F.3060502>