Date: Wed, 20 Apr 2005 17:11:04 +0200
From: Joan Picanyol i Puig <lists-freebsd-hackers@biaix.org>
To: freebsd-hackers@freebsd.org
Subject: Re: Configuration differences for jails
Message-ID: <20050420151104.GA11753@grummit.biaix.org>
In-Reply-To: <20050420143715.GF91329@obiwan.tataz.chchile.org>
References: <BAY2-F389017D4F55242220F49FFF22B0@phx.gbl> <20050420135013.GE91329@obiwan.tataz.chchile.org> <20050420143715.GF91329@obiwan.tataz.chchile.org>

* Jeremie Le Hen <jeremie@le-hen.org> [20050420 16:37]:
> > Now with some distance, I must admit that all these gymnastics are quite
> > boring.  I have now decided to run two virtual hosts as they are managed in
> > a very natural way.  These two hosts are just like two real boxes, one
> > running Bind and the other one running Postfix.  When I need to update
> > something in the configuration, I login to the box with ssh(1).  This
> > takes some more memory and in principle no CPU as all processes are
> > sleeping most of the time.
>
> I forgot to explain that using virtual hosts requires some
> administration too in order to avoid wasting disk space.  The jail(8)
> manual page advises to make world with DESTDIR set.  I prefer using
> null mounts as it doesn't require additional disk space and an upgrade
> of the host will automagically upgrade virtual hosts.  You will
> nevertheless have to make distribution and distrib-dirs.  Here are the
> directories I advise you to share:
> /bin /sbin /lib /libexec
> /usr/bin /usr/sbin /usr/lib /usr/libexec /usr/libdata /usr/share
> /usr/doc /usr/compat /usr/ports

I'm trying to untangle myself on this issue. I have different
filesystems for /, /usr, and /usr/local, mounted in unusual places:

504,p0,1$ ls -l /usr{,/X11R6,/local}
lrwxr-xr-x 1 root wheel 18 7 nov 2003 /usr -> fs/base/mount/usr/
lrwxr-xr-x 1 root wheel 25 8 nov 2003 /usr/X11R6 -> ../../../apps/mount/X11R6
lrwxr-xr-x 1 root wheel 25 18 abr 20:40 /usr/local -> ../../../apps/mount/local

I know I want to share /usr, but not /usr/local, and only parts of /. So
I mount_unionfs /fs/base inside the jail:

<above>:/fs/base/mount on /fs/jaildata/mount/fs/base/mount (unionfs, local, read-only, noclusterw)

But this way I don't get the "automagically upgrade virtual hosts"
behaviour I want, since I'm missing /{,s}bin, /lib and /libexec and I
definitely don't want to share /etc.

I don't think it's easy to take /etc/ outside the root fs, but I don't
see how to share /bin or /lib without leaking info. How do you handle
this? What are those distribution targets and how can I use them?

tks
-- 
pica
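
Added example, not part of the original message or thread: a shell sketch that turns the directory list quoted above into fstab(5) entries for null mounts into a jail root, while refusing to share /etc or /usr/local. The function names, the jail root argument and the `ro` mount option (chosen to match the read-only mount shown in the message) are assumptions.

```shell
#!/bin/sh
# Added example (assumptions: function names, jail root path, the "ro" option).

# Directories the quoted message advises sharing with the jail.
SHARED_DIRS="/bin /sbin /lib /libexec /usr/bin /usr/sbin /usr/lib \
/usr/libexec /usr/libdata /usr/share /usr/doc /usr/compat /usr/ports"

# Trees that must stay private to each jail (the poster rules these out).
PRIVATE_DIRS="/etc /usr/local"

# is_private PATH: succeeds if PATH is a private tree or lies inside one.
is_private() {
    for p in $PRIVATE_DIRS; do
        case "$1" in
            "$p"|"$p"/*) return 0 ;;
        esac
    done
    return 1
}

# jail_fstab JAILROOT [HOSTROOT]: print one nullfs fstab line per shared
# directory that exists on the host. HOSTROOT defaults to / and is only
# useful for dry runs against a scratch tree.
jail_fstab() {
    jailroot=${1%/}
    hostroot=${2%/}
    for d in $SHARED_DIRS; do
        # Fail closed if someone later adds a private tree to the list.
        if is_private "$d"; then
            echo "refusing to share $d" >&2
            return 1
        fi
        src="$hostroot$d"
        # Skip directories this host does not have (e.g. /usr/compat).
        [ -d "$src" ] || continue
        # Read-only, so a process in the jail cannot alter host binaries.
        printf '%s\t%s\tnullfs\tro\t0\t0\n' "$src" "$jailroot$d"
    done
}

# Usage (jail root taken from the mount output above, as an assumption):
#   jail_fstab /fs/jaildata/mount
```

Each jail keeps its own /etc, /var and /usr/local under its root; only the listed directories come from the host.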