From owner-freebsd-stable  Fri Feb  9  5:23: 4 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44])
	by hub.freebsd.org (Postfix) with ESMTP
	id 33FB037B69D; Fri,  9 Feb 2001 05:22:40 -0800 (PST)
Received: (from daemon@localhost)
	by point.osg.gov.bc.ca (8.8.7/8.8.8) id FAA04489;
	Fri, 9 Feb 2001 05:21:58 -0800
Received: from passer.osg.gov.bc.ca(142.32.110.29)
 via SMTP by point.osg.gov.bc.ca, id smtpda04487; Fri Feb  9 05:21:52 2001
Received: (from uucp@localhost)
	by passer.osg.gov.bc.ca (8.11.2/8.9.1) id f19DLks59817;
	Fri, 9 Feb 2001 05:21:46 -0800 (PST)
Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com"
 via SMTP by passer9.cwsent.com, id smtpds59814; Fri Feb  9 05:21:03 2001
Received: (from uucp@localhost)
	by cwsys.cwsent.com (8.11.2/8.9.1) id f19DL3B84023;
	Fri, 9 Feb 2001 05:21:03 -0800 (PST)
Message-Id: <200102091321.f19DL3B84023@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys"
 via SMTP by localhost.cwsent.com, id smtpdB84010; Fri Feb  9 05:20:15 2001
X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4
Reply-To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
X-Sender: schubert
To: Kris Kennaway <kris@obsecurity.org>
Cc: Attila Nagy <bra@fsn.hu>, freebsd-stable@FreeBSD.ORG,
	freebsd-hackers@FreeBSD.ORG
Subject: Re: mount_null and jail 
In-reply-to: Your message of "Thu, 08 Feb 2001 13:52:51 PST."
             <20010208135251.A48378@mollari.cthul.hu> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 09 Feb 2001 05:20:15 -0800
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <20010208135251.A48378@mollari.cthul.hu>, Kris Kennaway 
writes:
> On Thu, Feb 08, 2001 at 08:15:42PM +0100, Attila Nagy wrote:
> 
> > When I start jail I often get page faults.
> > Also I want to chroot() in the jail (ftp daemon) but it page faults in all
> > cases.
> 
> nullfs is broken in all versions prior to 5.0-CURRENT. This is even
> documented in the manpage. I don't know if there are any plans to
> backport the fixes, I understand they were fairly extensive.

Mount_union does work much better than mount_null on -STABLE systems.  
I've set up jails where I've had a read-only filesystem union mounted 
under a read/write filesystem allowing me to use the same base O/S 
files, except for sensitive files and directories, keeping the changed 
bits in the filesystem above the "base".


Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message