Date: Fri, 2 Jun 2006 02:26:55 -0300
From: André Braga
To: Robert Watson
Cc: ozawa@ongs.co.jp, dkirhlarov@oilspace.com, freebsd-hackers@freebsd.org, Dag-Erling Smørgrav, Daichi GOTO, freebsd-fs@freebsd.org, freebsd-current@freebsd.org, kris@obsecurity.org, Alexander Leidinger
Subject: Re: [ANN] unionfs patchset-13 release

On 6/1/06, Robert Watson wrote:
> On Wed, 31 May 2006, André Braga wrote:
[snip]
> > I also have this feeling that ACLs also aren't respected inside
> > jails or can be overwritten as easily as shown below
>
> By "ACLs also aren't respected inside jails", do you mean, "ACLs don't work in
> jail", or do you mean, "ACLs don't work with unionfs"? They are believed
> firmly to work with jail, and if you have evidence to the contrary, a PR
> pointer would be greatly appreciated so it can be investigated.

s/"jails"/"unionfs with the -b option". Sorry.

I intended to use unionfs to keep a single "pristine" tree with
nothing but what installworld/distribution puts in there, and then
layer several other mountpoints on top of it to handle several jails,
one for every service my server would offer: web, mail, database,
RADIUS, LDAP and users' home directories. This works best by mounting
the pristine tree *below* those mountpoints.

However, as demonstrated by the test case in my previous message, more
sophisticated access control mechanisms, like immutable flags, are not
handled by the patchset as per the -p11 version (and I still don't
know whether this behaviour was fixed in subsequent patches up to
-p13. Would someone enlighten me?). This is why I mentioned that ACLs
are probably not correctly handled by "unionfs with the mount below
option" either. This has nothing to do with jails per se, but to
unionfs.

Sorry if I alarmed anyone :)