From owner-freebsd-hackers  Sat Mar 22 14:57:16 2003
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5E4C637B401
	for <hackers@FreeBSD.ORG>; Sat, 22 Mar 2003 14:57:15 -0800 (PST)
Received: from ints.mail.pike.ru (ints.mail.pike.ru [195.9.45.194])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0D28C43FBD
	for <hackers@FreeBSD.ORG>; Sat, 22 Mar 2003 14:57:14 -0800 (PST)
	(envelope-from babolo@cicuta.babolo.ru)
Received: (qmail 29734 invoked from network); 22 Mar 2003 23:12:54 -0000
Received: from babolo.ru (HELO cicuta.babolo.ru) (194.58.226.160)
  by ints.mail.pike.ru with SMTP; 22 Mar 2003 23:12:54 -0000
Received: (nullmailer pid 3537 invoked by uid 136);
	Sat, 22 Mar 2003 22:59:44 -0000
Subject: Re: ld.so and hard links
X-ELM-OSV: (Our standard violations) hdr-charset=KOI8-R; no-hdr-encoding=1
In-Reply-To: <1048302188.39751.11.camel@chowder.dons.net.au>
To: "Daniel O'Connor" <doconnor@gsoft.com.au>
Date: Sun, 23 Mar 2003 01:59:44 +0300 (MSK)
From: "."@babolo.ru
Cc: Terry Lambert <tlambert2@mindspring.com>,
	Paco Hope <paco@cigital.com>, hackers@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL99b (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
Message-Id: <1048373984.431400.3536.nullmailer@cicuta.babolo.ru>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

> On Sat, 2003-03-22 at 07:30, Terry Lambert wrote:
> > You could potentially save a lot of memory.  *However*.  You may
> > not want to do this, since you are defeating priviledge seperation
> > that is what made you want to use jails in the first place.
> 
> There's a Linux Jail like thing called vserver, it has a feature where
> you hardlink a whole bunch of stuff for different jails (it has tools
> for building a set of jails from a given tree). It does a copy on write
> for any of these hardlinked files so you don't get the security issue.
> 
> No idea if it's possible to implement something like that for a jail :)
schg flag is sufficient to do impossible
hardlinked files change in jail IMHO
Or I forgot something?



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message