Configuration differences for jails

Jas arlerr jas_arlerr at hotmail.com
Fri Apr 22 20:54:36 PDT 2005



>From: Jeremie Le Hen <jeremie at le-hen.org>
>To: Jas arlerr <jas_arlerr at hotmail.com>
>CC: joerg at britannica.bec.de, freebsd-hackers at freebsd.org
>Subject: Re: Configuration differences for jails
>Date: Fri, 22 Apr 2005 17:41:40 +0200
>
>Hi,
>
> > I am not very familiar with mount_nullfs, but I think it is _one_ copy with
> > _multiple_ references (FIXME). So if we modify something in one jail, the
> > same effect will also impose on other jails, even the real machine. Due
> > to this problem, readonly mounts may be a good choice.
>
>Usually, /bin and others are never modified, that's why it may be null
>mounted readonly.  If you want to be able to write to these directories
>from inside the jail, there are two methods:
>
>     - First is to use mount_unionfs(8) which will mount another
>       directory above the null mounted directory.  Note that unionfs
>       is currently known to be broken, although there is no official
>       list of known bugs, AFAIK.  Having a null mount AND a union
>       mount over it may perhaps introduce a non-negligible overhead,
>       I guess.
>
>     - Make each jail have its own world.
>
> > BUT if we do some things related to the /etc files, such as passwd, ro
> > mounts can not deal with this situation because different jails need
> > different passwd files for private users.
> > So I think this can only be done by making a copy of relevant files but not
> > ro mounts.
>
>Once again, /etc is not intended to be null mounted.  It contains
>sensitive information about the host that should not be published in
>jails.  You will have to use the "distribution" make target from
>/usr/src/etc (see my previous email).

I see! 
Thanks for your explanation!

regards
Jas
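
The two rules from the quoted reply (shared directories such as /bin null mounted read-only, and the host's /etc never null mounted into a jail) can be checked mechanically. The following is an added example, not part of the original thread: the function names, the /jails/j1 path and the sample entries are constructed for illustration, and the input is assumed to be in fstab(5) layout.

```shell
#!/bin/sh
# Constructed sample: fstab(5)-style entries for a jail at /jails/j1
# (hypothetical path, not taken from the thread).
sample_fstab() {
    cat <<'EOF'
# device   mountpoint          fstype  options    dump pass
/bin       /jails/j1/bin       nullfs  ro         0 0
/usr/lib   /jails/j1/usr/lib   nullfs  rw         0 0
/etc       /jails/j1/etc       nullfs  ro         0 0
/sbin      /jails/j1/sbin      nullfs  ro,nosuid  0 0
devfs      /jails/j1/dev       devfs   rw         0 0
EOF
}

# Read fstab-style lines on stdin and print one finding per line:
#   WRITABLE     a nullfs mount without the "ro" option, so a write inside
#                the jail changes the single shared copy on the host
#   EXPOSED-ETC  the host /etc (or a directory under it) null mounted into
#                a jail, read-only or not
# Prints nothing when no rule is violated.
audit_jail_nullfs() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        $3 != "nullfs"       { next }      # only null mounts are checked
        {
            src = $1; dst = $2
            sub(/\/+$/, "", src)           # drop trailing slashes
            if (src == "") src = "/"
            # Look for an exact "ro" in the comma-separated option list.
            ro = 0
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "ro") ro = 1
            if (src == "/etc" || index(src, "/etc/") == 1)
                printf "EXPOSED-ETC %s -> %s\n", src, dst
            if (!ro)
                printf "WRITABLE %s -> %s\n", src, dst
        }
    '
}

sample_fstab | audit_jail_nullfs
```

The function reads standard input, so a real jail fstab can be piped into it in place of the sample.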
