Date:      Fri, 9 Feb 2001 02:34:27 +0300 (MSK)
From:      "Aleksandr A.Babaylov" <babolo@links.ru>
To:        bra@fsn.hu (Attila Nagy)
Cc:        freebsd-stable@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG
Subject:   Re: mount_null and jail
Message-ID:  <200102082334.CAA13382@aaz.links.ru>
In-Reply-To: <Pine.BSO.4.33.0102081958390.15120-100000@k2.jozsef.kando.hu> from "Attila Nagy" at "Feb 8, 1 08:15:42 pm"

Attila Nagy writes:
> Hello,
> 
> I am trying to do the following setup:
> 
> /jail
> /jail-run
> 
> The first is a directory in a filesystem and holds the necessary files to
> run the given application. The second directory is also a simple directory
> but /jail mounted into it with mount_null.
> 
> The command I use to mount the first dir into the second is:
> mount_null -o ro /jail/something /jail-run/something
> 
> The purpose of this setup is to create jails within a standard UFS
> filesystem and to mount the directories read-only and run jailed
> applications in it, on a read-only partition.
> This way I don't need several partitions, mounted RO and I don't have to
> create loopback filesystems or to do other magic (like a mounted ISO).
> 
> The problem.
> 
> When I start jail I often get page faults.
> Also I want to chroot() in the jail (ftp daemon) but it page faults in all
> cases.
> 
> So
> outside# jail /jail-run/something something 127.0.0.1 /bin/sh
> often works and the jail starts (/jail-run is a NULL filesystem), but
> 
> inside# chroot
> drops me a page fault and restarts the machine in every case.
> 
> I've tried out this on 4.2-RELEASE and 4.2-STABLE (05/02/2001) -RELEASE
> with a GENERIC and -STABLE with a custom kernel and all of them fail to
> survive jail and chroot on a NULL FS.
> 
> Could somebody give me hints on this? I think it's a general problem and
> the problem is the use of the NULL FS, but how could I avoid this kind of
> crashes?

Yes, you can use nullfs very restrictively.
I use such a method instead:
0garkin~(5)>df
Filesystem     1K-blocks     Used    Avail Capacity  Mounted on
/dev/ad0s2h      7993324   440694  6913165     6%    /usr
...
/dev/ad0s3a      7993324   439767  6914092     6%    /jail/pent/usr
/usr and /jail/pent/usr are the same file system:
0garkin~(7)>fdisk ad0
******* Working on device /dev/ad0 *******
parameters extracted from in-core disklabel are:
cylinders=89355 heads=16 sectors/track=63 (1008 blks/cyl)
...
The data for partition 2 is:
sysid 165,(FreeBSD/NetBSD/386BSD)
    start 25041744, size 65028096 (31752 Meg), flag 0
        beg: cyl 267/ sector 1/ head 0;
        end: cyl 266/ sector 63/ head 15
The data for partition 3 is:
sysid 0,(unused)
    start 73812816, size 16257024 (7938 Meg), flag 0
        beg: cyl 523/ sector 1/ head 0;
        end: cyl 266/ sector 63/ head 15
ad0s3 is inside ad0s2 and:
0garkin~(8)>disklabel ad0s2
...
#        size   offset    fstype   [fsize bsize bps/cpg]
  c: 65028096        0    unused        0     0         # (Cyl.    0 - 4047*)
  d: 16257024        0    4.2BSD        0     0     0   # (Cyl.    0 - 1011*)
  e:  8128512 16257024    4.2BSD        0     0     0   # (Cyl. 1011*- 1517*)
  f:  8128512 24385536    4.2BSD        0     0     0   # (Cyl. 1517*- 2023*)
  g: 16257024 32514048    4.2BSD        0     0     0   # (Cyl. 2023*- 3035*)
  h: 16257024 48771072    4.2BSD        0     0     0   # (Cyl. 3035*- 4047*)
ad0s3 occupies the same place as ad0s2h.
Moreover:
0garkin~(9)>fdisk ad0s3
******* Working on device /dev/ad0s3 *******
parameters extracted from in-core disklabel are:
cylinders=16128 heads=16 sectors/track=63 (1008 blks/cyl)

Figures below won't work with BIOS for partitions not in cyl 1
parameters to be used for BIOS calculations are:
cylinders=16128 heads=16 sectors/track=63 (1008 blks/cyl)

Media sector size is 512
Warning: BIOS sector numbering starts with sector 1
Information from DOS bootblock is:
The data for partition 1 is:
sysid 165,(FreeBSD/NetBSD/386BSD)
    start 0, size 16257024 (7938 Meg), flag 80 (active)
        beg: cyl 0/ sector 1/ head 0;
        end: cyl 767/ sector 63/ head 15
The data for partition 2 is:
sysid 165,(FreeBSD/NetBSD/386BSD)
    start 0, size 16257024 (7938 Meg), flag 0
        beg: cyl 0/ sector 1/ head 0;
        end: cyl 767/ sector 63/ head 15
The data for partition 3 is:
sysid 165,(FreeBSD/NetBSD/386BSD)
    start 0, size 16257024 (7938 Meg), flag 0
        beg: cyl 0/ sector 1/ head 0;
        end: cyl 767/ sector 63/ head 15
The data for partition 4 is:
sysid 5,(Extended DOS)
    start 0, size 16257024 (7938 Meg), flag 0
        beg: cyl 0/ sector 1/ head 0;
        end: cyl 767/ sector 63/ head 15
0garkin~(10)>disklabel ad0s3
...
#        size   offset    fstype   [fsize bsize bps/cpg]
  a: 16257024        0    4.2BSD     1024  8192    63   # (Cyl.    0 - 16127)
  b: 16257024        0    4.2BSD     1024  8192    63   # (Cyl.    0 - 16127)
  c: 16257024        0    4.2BSD     1024  8192    63   # (Cyl.    0 - 16127)
  d: 16257024        0    4.2BSD     1024  8192    63   # (Cyl.    0 - 16127)
  e: 16257024        0    4.2BSD     1024  8192    63   # (Cyl.    0 - 16127)
  f: 16257024        0    4.2BSD     1024  8192    63   # (Cyl.    0 - 16127)
  g: 16257024        0    4.2BSD     1024  8192    63   # (Cyl.    0 - 16127)
  h: 16257024        0    4.2BSD     1024  8192    63   # (Cyl.    0 - 16127)
so you can use any of ad0s3[a-h] for read-only mounts in different jails safely.
Moreover, you can play with the partition type of ad0s3 - just set it to 5
(extended DOS) - and ad0s5..ad0s30 all have the same file systems a thru h
for read-only mounts into jails. But this is not so safe because of
recursion through Extended DOS partitions, and not every FreeBSD version
can work in such a way.

And, of course, nfs is possible (almost) too.
But if you use nfs self-mounted partitions, the order of starting the nfs client
and nfs server in /etc/rc must be reversed.

-- 
@BABOLO      http://links.ru/
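
An added example, not part of the original message: a check that the device names shown above really address the same sectors, by turning the quoted fdisk and disklabel figures into absolute extents. The function names are hypothetical, and the treatment of label offsets as slice-relative is an assumption read off the ad0s2 label.

```python
import re
from collections import defaultdict
# Lines copied from the fdisk and disklabel output quoted in the message.
FDISK_AD0 = """\
The data for partition 2 is:
    start 25041744, size 65028096 (31752 Meg), flag 0
The data for partition 3 is:
    start 73812816, size 16257024 (7938 Meg), flag 0
"""
LABEL_AD0S2 = """\
  c: 65028096        0    unused        0     0         # (Cyl.    0 - 4047*)
  g: 16257024 32514048    4.2BSD        0     0     0   # (Cyl. 2023*- 3035*)
  h: 16257024 48771072    4.2BSD        0     0     0   # (Cyl. 3035*- 4047*)
"""
LABEL_AD0S3 = """\
  a: 16257024        0    4.2BSD     1024  8192    63   # (Cyl.    0 - 16127)
  b: 16257024        0    4.2BSD     1024  8192    63   # (Cyl.    0 - 16127)
"""

def parse_fdisk(text, disk):
    """Return {slice: (absolute start, size)} in sectors."""
    slices, num = {}, None
    for line in text.splitlines():
        if m := re.match(r"The data for partition (\d+) is:", line):
            num = m.group(1)
        elif num and (m := re.search(r"start (\d+), size (\d+)", line)):
            slices[f"{disk}s{num}"] = (int(m.group(1)), int(m.group(2)))
    return slices

def parse_label(text, slice_name, slice_start):
    """Return {partition: (absolute start, size)}, skipping 'unused' entries.
    Assumption: label offsets are slice-relative (ad0s2c is at offset 0)."""
    parts = {}
    for m in re.finditer(r"^\s*([a-h]):\s+(\d+)\s+(\d+)\s+(\S+)", text, re.M):
        letter, size, off, fstype = m.groups()
        if fstype != "unused":
            parts[slice_name + letter] = (slice_start + int(off), int(size))
    return parts

def find_aliases():
    """Group device names that cover exactly the same sector range."""
    slices = parse_fdisk(FDISK_AD0, "ad0")
    groups = defaultdict(list)
    for name, label in (("ad0s2", LABEL_AD0S2), ("ad0s3", LABEL_AD0S3)):
        for dev, ext in parse_label(label, name, slices[name][0]).items():
            groups[ext].append(dev)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    print(find_aliases())
```

A group in the result means those device nodes address the same sectors, which is the property the read-only jail mounts in the message rely on.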

