From owner-freebsd-questions@FreeBSD.ORG Thu Dec 23 03:27:00 2010
From: "Chad Leigh -- Shire.Net LLC" <chad@shire.net>
To: "Jason C. Wells"
Cc: freebsd general questions <freebsd-questions@freebsd.org>
Subject: Re: Nullfs Allows Jailbreaking
Date: Wed, 22 Dec 2010 20:00:02 -0700
Message-Id: <09452D14-1133-4282-ACF3-648D6607644A@shire.net>
In-Reply-To: <4D12BA51.2010602@speakeasy.net>
X-Mailer: Apple Mail (2.1081)

On Dec 22, 2010, at 7:56 PM, Jason C. Wells wrote:

> Here is my file system scheme for a newly created jail as viewed from the host:
>
> /usr/jail/template on /usr/jail/f1 (nullfs, local, read-only)
> /usr/jail/f1-fs/etc on /usr/jail/f1/etc (nullfs, local)
> /usr/jail/f1-fs/tmp on /usr/jail/f1/tmp (nullfs, local)
> /usr/jail/f1-fs/var on /usr/jail/f1/var (nullfs, local)
> /usr/jail/f1-fs/usr-local on /usr/jail/f1/usr/local (nullfs, local)
>
> As viewed from the jail:
>
> /usr/jail/template on / (nullfs, local, read-only)
>
> I like the idea of using a template for multiple jails that I plan to use later. I like the idea of mounting the template read only. I had to splice in the other nullfs filesystems so that things that need to be read-write can be.
>
> But it seems kinda funky. Inside the jail it looks like EVERYTHING is read-only and you have no way of knowing that /tmp is actually read-write. There seems to be a violation of the segregation going on here.
>
> What pitfalls can you see in a file system scheme like this for my jails? Is the above behavior by design or did I find a flaw?

I have been doing this for years with great success. I don't understand your question. How does it look like everything is read only from inside the jail? The fact that a "df" only shows the root filesystem and not all your other file systems? (assuming that is still the truth -- my jails do this on older FBSD systems)
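As an added illustration (not from the thread or from either poster), a small POSIX sh helper that resolves a path against a mount(8) table by longest mountpoint prefix, using a constructed copy of the layout quoted above. It shows why the jail's own table reports /tmp as read-only while the host's table shows the read-write nullfs mount spliced in underneath; the jail root /usr/jail/f1 and the two sample tables are assumptions.

```shell
#!/bin/sh
# Constructed mount(8) output for the layout described in the thread.
# Host view: template mounted read-only, rw nullfs mounts spliced in.
HOST_MOUNTS='/usr/jail/template on /usr/jail/f1 (nullfs, local, read-only)
/usr/jail/f1-fs/etc on /usr/jail/f1/etc (nullfs, local)
/usr/jail/f1-fs/tmp on /usr/jail/f1/tmp (nullfs, local)
/usr/jail/f1-fs/var on /usr/jail/f1/var (nullfs, local)
/usr/jail/f1-fs/usr-local on /usr/jail/f1/usr/local (nullfs, local)'
# Jail view: only the root filesystem is listed.
JAIL_MOUNTS='/usr/jail/template on / (nullfs, local, read-only)'
JAIL_ROOT=/usr/jail/f1   # assumed jail root on the host

# mount_for_path TABLE PATH
# Prints "<source> <mountpoint> <ro|rw>" for the most specific (longest)
# mountpoint in TABLE that is PATH itself or a parent directory of it.
mount_for_path() {
    printf '%s\n' "$1" | awk -v p="$2" '
    {
        # each line: <source> on <mountpoint> (<options>)
        src = $1; mp = $3
        opts = $0; sub(/^[^(]*\(/, "", opts); sub(/\).*$/, "", opts)
        if (mp == "/" || p == mp || index(p, mp "/") == 1) {
            if (length(mp) > best_len) {
                best_len = length(mp); best_src = src; best_mp = mp
                best_mode = (opts ~ /read-only/) ? "ro" : "rw"
            }
        }
    }
    END { if (best_len) print best_src, best_mp, best_mode; else exit 1 }'
}

# mode_seen_in_jail PATH : what the jail-side mount table claims for PATH
mode_seen_in_jail() {
    mount_for_path "$JAIL_MOUNTS" "$1" | awk '{ print $3 }'
}

# mode_on_host PATH : what the host-side table says for the same directory
mode_on_host() {
    mount_for_path "$HOST_MOUNTS" "$JAIL_ROOT$1" | awk '{ print $3 }'
}

# Example: /tmp looks read-only from inside the jail but is rw on the host.
printf '/tmp: jail table says %s, host table says %s\n' \
    "$(mode_seen_in_jail /tmp)" "$(mode_on_host /tmp)"
```

Run it on a real system by replacing the two constructed tables with the output of mount(8) taken on the host and inside the jail.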