Date: Fri, 7 Mar 2003 20:30:59 +0300 (MSK) From: Dmitry Morozovsky <marck@rinet.ru> To: Arthur Chance <arthur-list-bsd@erewhon.demon.co.uk> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: jails update Message-ID: <20030307202738.I55014@woozle.rinet.ru> In-Reply-To: <873cm074vr.fsf@pooh.wired.qeng-ho.org> References: <m3znoa8543.fsf@teg.local> <20030305135652.GA83413@ei.bzerk.org> <m3u1ehuc9w.fsf@teg.local> <020c01c2e340$ee8f5c60$19fd2fd8@westbend.net> <m31y1l1xcz.fsf@teg.local> <20030306140038.M43664@woozle.rinet.ru> <873cm074vr.fsf@pooh.wired.qeng-ho.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 6 Mar 2003, Arthur Chance wrote: AC> > FT> One problem with the DESTDIR approach may be the use of AC> > FT> symlinks by a jail administrator - if there are symlinks set for AC> > FT> directories containing the binaries you may overwrite the hosts AC> > FT> directories. Maybe "make installworld" does a check for this too - I AC> > FT> didn't look at it. AC> > AC> > We avoid this (and the whole need to update multiple jails) by installing to AC> > dedicated partition and the do multiple read-only null mounts, so each jail has AC> > perfectly equal read-only /usr (with symlinks outside to /home, /local, etc) AC> AC> I'm probably misreading this as I'm only just starting to look at the AC> jail facilities but are you saying symlinks from inside a jail to AC> outside it work within the jail? Doesn't that defeat the entire point? AC> Or are you saying /usr/local is e.g. a symlink to /local and you have AC> a different /local per jail and one for the host as well? Sorry for clarifying not enough ;-) Of course, /local, /home etc are slashed relative to each jail root. Actually, jail's /usr/local is a symlink to ../local (to make it work even for the host machine environment), etc. And, of course, you are right, the main purpose of jails is to hide outside file tree from jail environment. Sincerely, D.Marck [DM5020, DM268-RIPE, DM3-RIPN] ------------------------------------------------------------------------ *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru *** ------------------------------------------------------------------------ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030307202738.I55014>