From: Oliver Fromme
To: freebsd-current@FreeBSD.ORG, ed@fxq.nl, ticso@cicely12.cicely.de
Date: Thu, 12 Apr 2007 14:38:33 +0200 (CEST)
Subject: Re: ZFS to support chflags?

Ed Schouten wrote:
> Bernd Walter wrote:
> > E.g. hardlink system binaries over multiple jails flagged immutable.
> > No jail can compromise the data in other jails, while still allowing
> > the kernel to share memory pages for it.
>
> There are nicer ways to do that as far as I know. Just read-only
> nullmount some kind of base install to another directory.

Memory pages are not shared across different mounts, including
nullmounts (AFAIK), which was Bernd's point. So Bernd's solution
is much better in terms of memory usage, which is significant if
you run a large number of jails.

Best regards
Oliver

--
Oliver Fromme, secnetix GmbH & Co. KG
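
The hardlinked layout discussed in this message, as an added example that is not part of the original thread: it hardlinks a base tree into per-jail directories, checks that both names resolve to one inode, and then sets the immutable flag. The function names and paths are assumptions, and the trees must sit on one filesystem that supports chflags.

```shell
#!/bin/sh
# Added example; function names and paths are hypothetical.

# link_base BASE JAIL: recreate BASE's directories under JAIL and hardlink
# every regular file, so each jail path names the same inode as the base.
link_base() {
    base=$1 jail=$2
    (cd "$base" && find . -type d) | while IFS= read -r d; do
        mkdir -p "$jail/$d"
    done
    (cd "$base" && find . -type f) | while IFS= read -r f; do
        ln "$base/$f" "$jail/$f"    # hard link: fails across filesystems
    done
}

# inode_of FILE: print the inode number of FILE.
inode_of() { ls -i "$1" | awk '{print $1}'; }

# same_inode A B: succeed only if A and B are links to one inode. Two
# copies of a file (or two mounts) would not pass this check.
same_inode() { [ "$(inode_of "$1")" = "$(inode_of "$2")" ]; }

# protect_base BASE: set the system-immutable flag on every regular file.
# Flags are stored in the inode, so every hardlinked name is covered.
# Run this after link_base: link(2) refuses to link an immutable file.
# Returns 2 where chflags is unavailable or the caller is not root.
protect_base() {
    command -v chflags >/dev/null 2>&1 || return 2
    [ "$(id -u)" -eq 0 ] || return 2
    find "$1" -type f -exec chflags schg {} +
}

# Typical order on the host (constructed paths):
#   link_base /jails/base /jails/www
#   link_base /jails/base /jails/mail
#   same_inode /jails/www/bin/sh /jails/mail/bin/sh && echo shared
#   protect_base /jails/base
```

Running `ls -lo` on a linked file afterwards shows the `schg` flag under every jail path, since all of them name the same inode.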