Date: Thu, 12 Apr 2007 15:49:09 +0200
From: Bernd Walter
To: Kostik Belousov
Cc: ticso@cicely12.cicely.de, freebsd-current@freebsd.org, ed@fxq.nl
Subject: Re: ZFS to support chflags?
Message-ID: <20070412134909.GW30772@cicely12.cicely.de>
In-Reply-To: <20070412125524.GZ308@deviant.kiev.zoral.com.ua>
List-Id: Discussions about the use of FreeBSD-current

On Thu, Apr 12, 2007 at 03:55:24PM +0300, Kostik Belousov wrote:
> On Thu, Apr 12, 2007 at 02:38:33PM +0200, Oliver Fromme wrote:
> > Ed Schouten wrote:
> > > Bernd Walter wrote:
> > > > E.g. hardlink system binaries over multiple jails flagged immutable.
> > > > No jail can compromise the data in other jails, while still allowing
> > > > the kernel to share memory pages for it.
> > >
> > > There are nicer ways to do that as far as I know. Just read-only
> > > nullmount some kind of base install to another directory.
> >
> > Memory pages are not shared across different mounts,
> > including nullmounts (AFAIK), which was Bernd's point.
> > So Bernd's solution is much better in terms of memory
> > usage, which is significant if you run a large number
> > of jails.
>
> Pages are shared for file mmapped from different null mounts.

I wasn't aware of this - that's good.
But there are still other interesting benefits of extended flags in
jails, such as append-only for logfiles, etc...
Unlike the old securelevel mechanism the files can still be rotated
outside the jails.

-- 
B.Walter http://www.bwct.de http://www.fizon.de
bernd@bwct.de info@bwct.de support@fizon.de