Configuration differences for jails
Joan Picanyol i Puig
lists-freebsd-hackers at biaix.org
Wed Apr 20 08:12:11 PDT 2005
* Jeremie Le Hen <jeremie at le-hen.org> [20050420 16:37]:
> > Now with some distance, I must admit that all this gymnastic is quite
> > boring. I now decided to run two virtual hosts as they are managed in
> > a very natural way. These two hosts are just like two real boxes, one
> > running Bind and the other one running Postfix. When I need to update
> > something in the configuration, I log in to the box with ssh(1). This
> > takes some more memory and in principle no CPU as all processes are
> > sleeping most of the time.
>
> I forgot to explain that using virtual hosts requires some
> administration too in order to avoid wasting disk space. The jail(8)
> manual page advises to make world with DESTDIR set. I prefer using
> null mounts as it doesn't require additional disk space and an upgrade
> of the host will automagically upgrade virtual hosts. You will
> nevertheless have to make distribution and distrib-dirs. Here are the
> directories I advise you to share:
> /bin /sbin /lib /libexec
> /usr/bin /usr/sbin /usr/lib /usr/libexec /usr/libdata /usr/share
> /usr/doc /usr/compat /usr/ports
I'm trying to untangle myself on this issue. I have different
filesystems for /, /usr, and /usr/local, mounted in unusual places:
504,p0,1$ ls -l /usr{,/X11R6,/local}
lrwxr-xr-x 1 root wheel 18 7 nov 2003 /usr -> fs/base/mount/usr/
lrwxr-xr-x 1 root wheel 25 8 nov 2003 /usr/X11R6 -> ../../../apps/mount/X11R6
lrwxr-xr-x 1 root wheel 25 18 abr 20:40 /usr/local -> ../../../apps/mount/local
I know I want to share /usr, but not /usr/local, and only parts of /. So
I mount_unionfs /fs/base inside the jail:
<above>:/fs/base/mount on /fs/jaildata/mount/fs/base/mount (unionfs, local, read-only, noclusterw)
But this way I don't get the "automagically upgrade virtual hosts"
behaviour I want, since I'm missing /{,s}bin, /lib and /libexec and I
definitely don't want to share /etc.
I don't think it's easy to take /etc/ outside the root fs, but I don't
see how to share /bin or /lib without leaking info.
How do you handle this? What are those distribution targets and how can
I use them?
tks
--
pica
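
The approach from the quoted text, as an added example that is not part of the original message or thread: a POSIX sh script that prints, without mounting or building anything, read-only nullfs fstab lines for the listed directories and the two make targets mentioned. The jail root /jails/example and the private paths other than /etc and /usr/local are assumptions.

```shell
#!/bin/sh
# Added example. Prints a plan only; nothing is mounted or built.
# Directories the quoted message proposes to share with each jail.
SHARED="/bin /sbin /lib /libexec /usr/bin /usr/sbin /usr/lib /usr/libexec
/usr/libdata /usr/share /usr/doc /usr/compat /usr/ports"
# Paths kept private per jail. /etc and /usr/local come from the post;
# the rest are assumptions.
PRIVATE="/etc /usr/local /var /tmp /root"

# is_private DIR: true if DIR is, lies under, or contains a private path.
is_private() {
    [ "$1" = "/" ] && return 0
    for p in $PRIVATE; do
        case "$1" in "$p"|"$p"/*) return 0 ;; esac
        case "$p" in "$1"/*) return 0 ;; esac   # e.g. /usr contains /usr/local
    done
    return 1
}

# jail_fstab JAILROOT DIR...: one read-only nullfs fstab(5) line per DIR.
jail_fstab() {
    root=${1%/}; shift
    for d in "$@"; do
        if is_private "$d"; then
            echo "refusing to share $d: it would expose a private path" >&2
            return 1
        fi
        printf '%s\t%s%s\tnullfs\tro\t0\t0\n' "$d" "$root" "$d"
    done
}

# jail_plan JAILROOT: commands for the parts that are not shared.
# distrib-dirs creates the directory tree, distribution installs the
# default /etc files, so each jail gets its own /etc.
jail_plan() {
    echo "cd /usr/src"
    echo "make distrib-dirs DESTDIR=$1"
    echo "make distribution DESTDIR=$1"
}

# /jails/example is a constructed jail root.
jail_plan /jails/example
jail_fstab /jails/example $SHARED
```

Sharing /usr as a whole is refused because it would carry /usr/local with it; the per-directory list avoids that.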