From owner-freebsd-current@FreeBSD.ORG Thu Apr 12 14:47:39 2007 Return-Path: X-Original-To: freebsd-current@FreeBSD.ORG Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id ECF4816A401 for ; Thu, 12 Apr 2007 14:47:39 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.freebsd.org (Postfix) with ESMTP id 93FC113C484 for ; Thu, 12 Apr 2007 14:47:39 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 36977475C2; Thu, 12 Apr 2007 10:47:38 -0400 (EDT) Date: Thu, 12 Apr 2007 15:47:38 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: freebsd-current@FreeBSD.ORG, ed@fxq.nl, ticso@cicely12.cicely.de In-Reply-To: <200704121238.l3CCcX9v070904@lurza.secnetix.de> Message-ID: <20070412154142.L99718@fledge.watson.org> References: <200704121238.l3CCcX9v070904@lurza.secnetix.de> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Subject: Re: ZFS to support chflags? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Apr 2007 14:47:40 -0000 On Thu, 12 Apr 2007, Oliver Fromme wrote: > Ed Schouten wrote: > > Bernd Walter wrote: > > > E.g. hardlink system binaries over multiple jails flaged immuteable. > > > No jail can compromise the data in other jails, while still allowing > > > the kernel to share memory pages for it. > > > > There are nicer ways to do that as far as I know. Just read-only nullmount > > some kind of base install to another directory. > > Memory pages are not shared across different mounts, including nullmounts > (AFAIK), which was Bernd's point. So Bernd's solution is much better in > terms of memory usage, which is significant if you run a large number of > jails. This is a slightly vague statement. To be a bit more specific: there is a significant memory overhead to running nullfs, as all base file system vnodes have shadow vnodes. However, the VM objects, and hence file cache, are shared across the layers. If you mmap at one layer, you're getting the same pages as the underlying layer, for example. Robert N M Watson Computer Laboratory University of Cambridge