Date: Tue, 2 Mar 2010 14:52:16 +0000 From: mark@coreland.ath.cx To: Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= <des@des.no> Cc: Greg Larkin <glarkin@FreeBSD.org>, freebsd-hackers@FreeBSD.org Subject: Re: package building failure irritation Message-ID: <20100302145216.GA60987@logik.internal.network> In-Reply-To: <86aaurniuq.fsf@ds4.des.no> References: <20100226222113.GA14592@logik.internal.network> <4B884D48.90509@FreeBSD.org> <20100227093409.GA40858@logik.internal.network> <864ol0w4g5.fsf@ds4.des.no> <20100301135829.GB2219@logik.internal.network> <86zl2suo8n.fsf@ds4.des.no> <20100301161901.GC2219@logik.internal.network> <86635frhaa.fsf@ds4.des.no> <20100301220332.GB74816@logik.internal.network> <86aaurniuq.fsf@ds4.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2010-03-02 11:00:45, Dag-Erling Sm=F8rgrav wrote: > xorquewasp@googlemail.com writes: > > Basically, I have a ton of jails and each jail mounts a shared 'tmp', >=20 > That's not a good idea, there are too many opportunities for conflicts > (software that creates sockets and state directories with non-randomize= d > names in /tmp) and might even allow a compromised jail to compromise th= e > others. Don't panic. It's actually mounted at /shared_tmp as an explicit means for jails to communicate via the filesystem. In other words, it's known to be unsafe. I use it to sandbox programs to some extent (download a pdf on the host into /shared_tmp and open it in a pdf reader in a jail that has no network or other filesystem access). The jails also aren't externally accessible. > zfs set mountpoint=3D/jail/8.0-amd64-mk4 storage/jails/8.0/x86_64/mk4 >=20 > Children of storage/jails/8.0/x86_64/mk4 will inherit this property, so > they will automatically appear where you expect; alternatively, you can > set the mountpoint property for each individual fileset. I see. Is it possible to define multiple mountpoints (to emulate what nullfs provides)? xw
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100302145216.GA60987>