From: Uwe Doering
Date: Thu, 15 Sep 2005 12:59:43 +0200
To: Brandon Fosdick
Cc: freebsd-stable@freebsd.org, Robert Watson, Lyndon Nerenberg
Subject: Re: Jail to jail network performance?
Message-ID: <4329541F.3060502@geminix.org>
In-Reply-To: <4328E7E5.5050803@bfoz.net>
References: <432753CF.6020001@bfoz.net> <4327CA3C.6050403@geminix.org> <20050914110102.W33820@fledge.watson.org> <4328E7E5.5050803@bfoz.net>

Brandon Fosdick wrote:
> Robert Watson wrote:
>
>> (1) Modifying the name space exclusion assumption for jails, so that the
>> file system name spaces overlap. One way to do this is with nullfs.
>
> nullfs looks interesting. I was thinking about sharing files between
> jails using NFS, but it looks like nullfs would do the trick with better
> performance. Although the bugs section of the man page for mount_nullfs
> is rather scary. Does anyone have any experience with it? Does it
> actually work?
>
> If the point here is to make /tmp/mysql.sock show up in another jail's
> file space, can I use a symlink instead? Can a jailed process see the
> target of the symlink?

Symlinks are just a path mapping mechanism performed by the kernel at
lookup time, that is, before the actual access. In a jail only those
parts of a filesystem are visible that are at or below the jail's root
directory. The same goes for normal chroots. So if the symlink points
to a location outside this scope you cannot access the object.

Hardlinks would work, but only if the jails concerned live in the same
filesystem. Though they can of course be confined in separate,
non-overlapping parts of that filesystem.

   Uwe
--
Uwe Doering         |  EscapeBox - Managed On-Demand UNIX Servers
gemini@geminix.org  |  http://www.escapebox.net
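
The lookup behaviour described in the message above, as an added example that is not part of the original post: a userland simulation of path resolution for a process rooted at a jail directory, run against a constructed two-jail layout. The directory names, the link names and the helper functions are assumptions made for the illustration, and a plain file stands in for the socket.

```python
import os
import tempfile

def resolve_in_root(root, path, max_links=32):
    """Host path that `path` names for a process rooted at `root`, or None.
    Absolute symlink targets restart at `root`; '..' cannot climb above it."""
    split = lambda p: [c for c in p.split("/") if c and c != "."]
    todo, cur, links = split(path), [], 0
    while todo:
        comp = todo.pop(0)
        if comp == "..":
            cur = cur[:-1]            # at the root, '..' stays at the root
            continue
        host = os.path.join(root, *cur, comp)
        if os.path.islink(host):
            links += 1
            if links > max_links:
                return None           # symlink loop (ELOOP)
            target = os.readlink(host)
            if target.startswith("/"):
                cur = []              # absolute target: back to the jail root
            todo = split(target) + todo
        elif os.path.lexists(host):
            cur.append(comp)
        else:
            return None               # ENOENT as seen from inside the jail
    return os.path.join(root, *cur)

def same_filesystem(a, b):
    """Hard links cannot cross filesystems (link(2) fails with EXDEV)."""
    return os.stat(a).st_dev == os.stat(b).st_dev

def demo():
    """Constructed layout: two jail roots side by side; a plain file stands in
    for /tmp/mysql.sock (hypothetical paths, no real jail is created)."""
    base = os.path.realpath(tempfile.mkdtemp())
    jail_a, jail_b = os.path.join(base, "jailA"), os.path.join(base, "jailB")
    for j in (jail_a, jail_b):
        os.makedirs(os.path.join(j, "tmp"))
    sock = os.path.join(jail_a, "tmp", "mysql.sock")
    open(sock, "w").close()
    os.symlink(sock, os.path.join(jail_b, "tmp", "by_symlink"))  # host path
    if same_filesystem(jail_a, jail_b):
        os.link(sock, os.path.join(jail_b, "tmp", "by_hardlink"))
    seen_sym = resolve_in_root(jail_b, "/tmp/by_symlink")
    seen_hard = resolve_in_root(jail_b, "/tmp/by_hardlink")
    return seen_sym, seen_hard is not None and os.path.samefile(seen_hard, sock)

if __name__ == "__main__":
    print(demo())
```

Inside jail B the symlink's absolute target is looked up again from jail B's own root, so it resolves to nothing, while the hard link is an ordinary directory entry for the same inode and stays reachable.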