Date: Sat, 15 Nov 2014 12:35:51 +0100
From: Nicolas Geniteau <nicolas@geniteau.com>
To: Robert Sevat <robert@indylix.nl>
Cc: freebsd-questions@freebsd.org
Subject: Re: How much of freebsd can be made read-only in a jail
Message-ID: <CADw3u-dwqZD3bsQrDyxpwkPNdTOhuBwOymzcLC71vMVvLNte=A@mail.gmail.com>
In-Reply-To: <5466E135.80304@indylix.nl>
References: <5466E135.80304@indylix.nl>

Hi Robert,

First, I don't have any FreeBSD accessible now, so my answer will be quite
imprecise.

2014-11-15 6:14 GMT+01:00 Robert Sevat <robert@indylix.nl>:
> I've started using Ansible to make my life easier while managing a lot
> of jails.

Great, Ansible is a very useful tool! I never tried it on FreeBSD, is it
well supported?

> So my question is, how much can be made read-only?

I have already done this kind of thing in the past. If my memory is good, I
set all of /tmp and /var RW and it works well with almost all services.
You can probably be more restrictive, but is it really useful?

If I had to do this kind of thing now, I would try to do the same as a
diskless boot.

https://www.freebsd.org/doc/handbook/network-diskless.html
man diskless

The /etc/rc.initdiskless script (or something like this), after mounting /
in RO by NFS, creates a memory filesystem populated by a template for,
generally, /var and /etc (I can't explain why the diskless documentation
says to do /etc too).

Using this principle, no change on disk is possible, only in RAM.

It seems to me that the script is well documented, you can probably adapt
it to fit your needs.

Regards,
-- 
Nicolas
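
Added example, not part of Nicolas's message and not taken from rc.initdiskless: a sketch of the layout the message describes, applied to a jail, with a read-only nullfs view of a shared base plus memory-backed /tmp and /var, and /var filled from a template. The function names, the /jails/... paths and the modes are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. jail_fstab and populate_from_template are hypothetical
# helpers; /jails/base and /jails/www below are assumed paths.

# Print an fstab for one jail (usable as mount.fstab in jail.conf):
# the shared base is mounted read-only via nullfs, and the only
# writable places are tmpfs mounts on /tmp and /var, so nothing the
# jail writes ever reaches the disk.
jail_fstab() {
    base=$1   # shared read-only userland, e.g. /jails/base
    root=$2   # jail root, e.g. /jails/www
    printf '%s\t%s\tnullfs\tro\t0\t0\n' "$base" "$root"
    printf 'tmpfs\t%s/tmp\ttmpfs\trw,mode=1777\t0\t0\n' "$root"
    printf 'tmpfs\t%s/var\ttmpfs\trw,mode=755\t0\t0\n' "$root"
}

# Fill a freshly mounted, empty memory filesystem from an on-disk
# template, preserving file modes. Refuses a non-empty target so a
# misordered mount cannot silently overwrite live data.
populate_from_template() {
    template=$1
    target=$2
    [ -d "$template" ] || { echo "no template: $template" >&2; return 1; }
    [ -d "$target" ] || { echo "no target: $target" >&2; return 1; }
    [ -z "$(ls -A "$target")" ] || { echo "target not empty: $target" >&2; return 1; }
    (cd "$template" && tar -cf - .) | (cd "$target" && tar -xpf -)
}

# Intended use on the host (not executed here):
#   jail_fstab /jails/base /jails/www > /etc/fstab.www
#   ...mount the jail, then:
#   populate_from_template /jails/templates/var /jails/www/var
```

The /tmp and /var mount points must already exist in the read-only base, and anything written under them is lost when the jail's tmpfs mounts are torn down.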