Date:      Wed, 20 Apr 2005 18:56:00 +0200
From:      Jeremie Le Hen <jeremie@le-hen.org>
To:        freebsd-hackers@freebsd.org
Subject:   Re: Configuration differences for jails
Message-ID:  <20050420165559.GI91329@obiwan.tataz.chchile.org>
In-Reply-To: <20050420151104.GA11753@grummit.biaix.org>
References:  <BAY2-F389017D4F55242220F49FFF22B0@phx.gbl> <20050420135013.GE91329@obiwan.tataz.chchile.org> <20050420143715.GF91329@obiwan.tataz.chchile.org> <20050420151104.GA11753@grummit.biaix.org>

> I'm trying to untangle myself on this issue. I have different
> filesystems for /, /usr, and /usr/local, mounted in unusual places:
> 
> 504,p0,1$ ls -l /usr{,/X11R6,/local}
> lrwxr-xr-x  1 root  wheel  18  7 nov  2003 /usr -> fs/base/mount/usr/
> lrwxr-xr-x  1 root  wheel  25  8 nov  2003 /usr/X11R6 -> ../../../apps/mount/X11R6
> lrwxr-xr-x  1 root  wheel  25 18 abr 20:40 /usr/local -> ../../../apps/mount/local
> 
> I know I want to share /usr, but not /usr/local, and only parts of /. So
> I mount_unionfs /fs/base inside the jail:
>
> <above>:/fs/base/mount on /fs/jaildata/mount/fs/base/mount (unionfs, local, read-only, noclusterw)
>
mount_nullfs(8) will mount one directory and all its content onto another
one, but there is no way to exclude one of the subdirectories.  You
will instead have to mount each subdirectory you need, not more.  One
other way to achieve this is to make a second null mount over the
directory you don't want to share (/usr/local) but I'm not aware of
the consequences of such a setup in terms of performance and stability.

 
> But this way I don't get the "automagically upgrade virtual hosts"
> behaviour I want, since I'm missing /{,s}bin, /lib and /libexec and I
> definitely don't want to share /etc.

You won't have a one-to-one mapping between jail and null mounts.  There
are generally multiple null mounts for a unique jail.

Considering your jail root is /jail/test, and you enabled the
jail_$jail_mount (jail_test_mount here) rc.conf(5) variable, here is
the content of /etc/fstab.test:
%%%
  /bin                    /jail/test/bin          nullfs  ro      0       0
  /sbin                   /jail/test/sbin         nullfs  ro      0       0
  /lib                    /jail/test/lib          nullfs  ro      0       0
  /libexec                /jail/test/libexec      nullfs  ro      0       0
  /usr/bin                /jail/test/usr/bin      nullfs  ro      0       0
  /usr/sbin               /jail/test/usr/sbin     nullfs  ro      0       0
  /usr/lib                /jail/test/usr/lib      nullfs  ro      0       0
  /usr/libexec            /jail/test/usr/libexec  nullfs  ro      0       0
  /usr/libdata            /jail/test/usr/libdata  nullfs  ro      0       0
  /usr/share              /jail/test/usr/share    nullfs  ro      0       0
  /usr/compat             /jail/test/usr/compat   nullfs  ro      0       0
%%%

> I don't think it's easy to take /etc/ outside the root fs, but I don't
> see how to share /bin or /lib without leaking info.
>
> How do you handle this? What are those distribution targets and how can
> I use them?

As I said above, null mount each directory.

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
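
An added example, not part of the original message or of FreeBSD's rc scripts: a POSIX sh check that audits a per-jail fstab like the one in the message, confirming that every entry is a read-only nullfs mount mirrored under the jail root and that the trees the thread wants kept private are not shared. The function name, the PRIVATE_DIRS list and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Audit a per-jail fstab: every entry must be a read-only nullfs mount that
# mirrors its source under the jail root, and private trees must not appear.

# Assumption: the trees the thread says must stay private to each jail.
PRIVATE_DIRS="/etc /usr/local"

# audit_jail_fstab JAILROOT < fstab
# Prints "source: reason" for each bad entry; returns 1 if any was found.
audit_jail_fstab() {
    jailroot=$1
    bad=0
    while read -r src dst fstype opts _rest; do
        case $src in ''|'#'*) continue ;; esac   # skip blanks and comments
        reason=
        for p in $PRIVATE_DIRS; do
            case $src in "$p"|"$p"/*) reason="private tree shared" ;; esac
        done
        [ "$fstype" = nullfs ] || reason=${reason:-"not a nullfs mount"}
        case ",$opts," in *,ro,*) ;; *) reason=${reason:-"not read-only"} ;; esac
        [ "$dst" = "$jailroot$src" ] || reason=${reason:-"target is not $jailroot$src"}
        if [ -n "$reason" ]; then
            printf '%s: %s\n' "$src" "$reason"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: three entries from the message plus three bad ones.
SAMPLE_FSTAB='/bin        /jail/test/bin        nullfs ro 0 0
/usr/lib    /jail/test/usr/lib    nullfs ro 0 0
/usr/share  /jail/test/usr/share  nullfs ro 0 0
/usr/local  /jail/test/usr/local  nullfs ro 0 0
/usr/sbin   /jail/test/usr/sbin   nullfs rw 0 0
/lib        /jail/other/lib       nullfs ro 0 0'

if printf '%s\n' "$SAMPLE_FSTAB" | audit_jail_fstab /jail/test; then
    echo "fstab OK"
else
    echo "fstab rejected"
fi
```

Run against a real file with `audit_jail_fstab /jail/test < /etc/fstab.test` before enabling the jail's mount variable.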
