Date: Sat, 15 Jul 2000 02:10:16 -0700 (PDT)
From: Kelly Yancey <kbyanc@posi.net>
To: Robert Watson <rwatson@FreeBSD.ORG>
Cc: Dan Nelson <dnelson@emsphone.com>, Julian Elischer <julian@elischer.org>, Warner Losh <imp@village.org>, Adrian Chadd <adrian@FreeBSD.ORG>, freebsd-arch@FreeBSD.ORG
Subject: Re: SysctlFS
Message-ID: <Pine.BSF.4.21.0007150200240.2000-100000@gateway.posi.net>
In-Reply-To: <Pine.NEB.3.96L.1000714235954.3234A-100000@fledge.watson.org>

On Sat, 15 Jul 2000, Robert Watson wrote:

> On Fri, 14 Jul 2000, Dan Nelson wrote:
>
> > Would it be possible to have a symbolic link type that breaks out of a
> > jail? So you would have a "/myjail/dev ->> /dev" link in the jail that
> > ends up referring to the real /dev. This would also fix the /proc
> > problem. You wouldn't want to link /myjail/usr/lib to /usr/lib,
> > though, because the jailed root would be able to modify the binaries,
> > but /dev and /proc seem safe.
>
> [ snip ]
>
> You could imagine a light-weight mountpoint technique based on a special
> form of symlink, where the mountpoint is stored in the file system,
> instead of in the kernel mount table. When such a symlink was hit, it
> would be auto-followed. This is a lot like the behavior in Coda and AFS,
> where mountpoints are actually symlinks to #volumename, only in that
> environment, the protection model is compatible with that. You could
> imagine symlinks to specific synthetic file systems, including
> #system.procfs and #system.sysctlfs. When hit during a namei, it could
> either be turned into a real vnode mountpoint, or follow into a special
> table namespace.
>
> [ snip ]

Maybe I am missing something obvious, but wouldn't a mount option to
automatically export a given filesystem to all jails do the trick?
Fundamental filesystems like procfs and devfs would typically be mounted
with the option, while others were left to per-jail individual mounts. That
is, of course, assuming we had room for more MNT_* flags.

Kelly

--
Kelly Yancey - kbyanc@posi.net - Belmont, CA
System Administrator, eGroups.com http://www.egroups.com/
Maintainer, BSD Driver Database http://www.posi.net/freebsd/drivers/
Coordinator, Team FreeBSD http://www.posi.net/freebsd/Team-FreeBSD/