Date: Sat, 23 Apr 2005 03:54:36 +0000
From: "Jas arlerr" <jas_arlerr@hotmail.com>
To: jeremie@le-hen.org
Cc: joerg@britannica.bec.de
Subject: Re: Configuration differences for jails
Message-ID: <BAY2-F1861B2708897FB3B7E9FC1F22E0@phx.gbl>
In-Reply-To: <20050422154140.GW91329@obiwan.tataz.chchile.org>

>From: Jeremie Le Hen <jeremie@le-hen.org>
>To: Jas arlerr <jas_arlerr@hotmail.com>
>CC: joerg@britannica.bec.de, freebsd-hackers@freebsd.org
>Subject: Re: Configuration differences for jails
>Date: Fri, 22 Apr 2005 17:41:40 +0200
>
>Hi,
>
> > I am not very familiar with mount_nullfs, but I think it is _one_ copy with
> > _multiple_ references (FIXME). So if we modify something in one jail, the
> > same effect will also impose on other jails, even the real machine. Due
> > to this problem, readonly mounts may be a good choice.
>
>Usually, /bin and others are never modified, that's why it may be null
>mounted readonly. If you want to be able to write to these directories
>from inside the jail, there are two methods:
>
> - First is to use mount_unionfs(8) which will mount another
>   directory above the null mounted directory. Note that unionfs
>   is currently known to be broken, although there is no official
>   list of known bugs, AFAIK. Having a null mount AND a union
>   mount over it may perhaps introduce a non-negligible overhead,
>   I guess.
>
> - Make each jail have its own world.
>
> > BUT if we do some things related to the /etc files, such as passwd, ro
> > mounts cannot deal with this situation because different jails need
> > different passwd files for private users.
> > So I think this can only be done by making a copy of relevant files but not
> > ro mounts.
>
>Once again, /etc is not intended to be null mounted. It contains
>sensitive information about the host that should not be published in
>jails. You will have to use the "distribution" make target from
>/usr/src/etc (see my previous email).

I see! Thanks for your explanation!

regards
Jas

_________________________________________________________________
To chat with your online friends, use MSN Messenger: http://messenger.msn.com/cn
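
The two points made in the thread (null mounts into a jail should be read-only, and the host's /etc should not be null mounted at all) can be checked mechanically. The following is an added example, not part of the original messages: the function name `audit_jail_fstab`, the jail root `/jails/www` and the sample fstab entries are all constructed for illustration.

```shell
#!/bin/sh
# Added example: audit fstab-style lines for nullfs mounts into a jail.
# The jail root and the sample entries are constructed, not from the thread.

# audit_jail_fstab JAIL_ROOT   (fstab lines are read from stdin)
# Prints one finding per line:
#   EXPOSES_HOST_ETC <mountpoint>  host /etc (or a path below it) is null mounted
#   WRITABLE <mountpoint>          nullfs mount lacks the "ro" option
audit_jail_fstab() {
    jail_root=${1%/}
    while read -r dev mnt fstype opts _rest; do
        case $dev in ''|'#'*) continue ;; esac      # skip blank lines and comments
        [ "$fstype" = nullfs ] || continue          # only null mounts matter here
        case $mnt in "$jail_root"/*) ;; *) continue ;; esac
        case $dev in
            /etc|/etc/*) echo "EXPOSES_HOST_ETC $mnt" ;;
        esac
        # Options are comma separated; "ro" must appear as a whole option.
        case ",$opts," in
            *,ro,*) ;;
            *) echo "WRITABLE $mnt" ;;
        esac
    done
}

# Constructed sample fstab for a jail rooted at /jails/www.
sample_fstab() {
    cat <<'EOF'
# device   mountpoint          fstype  options    dump pass
/bin       /jails/www/bin      nullfs  ro         0 0
/sbin      /jails/www/sbin     nullfs  rw         0 0
/usr/lib   /jails/www/usr/lib  nullfs  ro,nosuid  0 0
/etc       /jails/www/etc      nullfs  ro         0 0
/home      /mnt/backup         nullfs  rw         0 0
EOF
}

sample_fstab | audit_jail_fstab /jails/www
```

A read-only null mount of /etc is still reported, because the concern raised in the thread is disclosure of host information, not modification.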