Date: Thu, 9 Oct 2003 17:37:50 -0400 From: Kenny Freeman <kennyf@pchg.net> To: kennyf@pchg.net, Lewis Thompson <purple@lewiz.info>, FreeBSD-questions <freebsd-questions@freebsd.org> Subject: Re: Jail FS questions. Message-ID: <200310091737.56392.kennyf@pchg.net> In-Reply-To: <200310091700.09658.kennyf@pchg.net> References: <20030803200948.GA10712@lewiz.org> <200310091700.09658.kennyf@pchg.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--Boundary-02=_0Udh/1HstZDk8dt Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Description: signed data Content-Disposition: inline err none /secure/files/mail /secure/internal/smtp/postfix/server/var/spool/mail= =20 nullfs rw,noexec,nosuid,nodev 0 0 same for the other entry - forgot the fs type... =2DKenny On October 9, 2003 05:00 pm, Kenny Freeman wrote: > I'm not sure about union fs, never had a real use for it yet.... I have a > similair setup as you. I have about 4 jails running so far (~8 more to go= ). > I've written a fairly large bash scipt to build the jails + configure them > automagically too. I've got a 120GB drive in that system, so for me I don= 't > really have a problem with space. What I use nullfs for is sharing data > between jails, for example: > > /secure/files/mail <- mail spools > > would be shared using: (/etc/crontab entries) > > none /secure/files/mail /secure/internal/smtp/postfix/server/var/spool/ma= il > rw,noexec,nosuid,nodev 0 0 > none /secure/files/mail /secure/internal/imap/courier/server/var/spool/ma= il > rw,noexec,nosuid,nodev 0 0 > > haven't really got these up and running yet (ie. I don't really know if > postfix + courier both work inside a jail). ATM I'm stuck on my file serv= er > jail, which may never work. I do have djbdns cache+server running. Anyway, > nullfs is great for "remounting" parts of the file system. I would not use > that to remount parts of the file system that have executables on them in > rw mode, only ro. You could mount the base / fs using nullfs onto the jail > / filesystem but this would be tricky because you would have to deal with > things like syslogd base + syslogd(s) jail both writing to /var/log/. You > could mount each directory using nullfs (/bin /sbin, etc) onto the jails > and I think this would work. I would note the warnings in the man pages > about this stuff being experimental tho. You could save space by using the > same executables and libs while having seperate /var/ /etc/ etc dirs in t= he > jail but it would be a bit of work to figure out what dirs to mount_nullfs > and what dirs to have as real dirs. Oh, btw, I know about as much about > fs's as you do too, so your milage may vary... > > -Kenny > > On August 3, 2003 04:09 pm, Lewis Thompson wrote: > > Hi, > > > > I currently have a bunch of jails running on my FreeBSD box. I've > > done this by making installworld a number of times, each time with a > > different DESTDIR (say /jail1, /jail2, /jail3). Clearly this is using a > > significant amount of space on the machine. > > > > I've been reading about unionfs and nullfs (well, more skim reading > > really; I'm not FS guru, which is why I'm asking here) and one of these > > sounds like it could be the idea solution. At first glance I'd say that > > unionfs would be the way to go. > > > > My question about unionfs: if I use this as a base dir for all of my > > jails and decide to ``upgrade'' the base system will it actually work? > > I mean, when I start installing stuff through the ports does it ever > > modify the base system in any way? If it does, then surely a base > > system upgrade will appear to leave the old ports-created files (because > > the upper layer changes override the lower unionfs fs). > > > > Secondly, I don't really understand nullfs. Would this be a > > ``better'' solution than using unionfs? Maybe it isn't even a solution, > > but if it is, a pointer to some useful articles would be great (aside > > man mount_nullfs; I've read that but don't fully understand). > > > > Thanks very much! > > > > -lewiz. --Boundary-02=_0Udh/1HstZDk8dt Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQA/hdU0pkWIXJRvi30RAgbJAKCZic66eLtcit99r4m2t9bP12Se9ACg0oc0 w7rro6EsmfldWCvZS3mtMPQ= =MapQ -----END PGP SIGNATURE----- --Boundary-02=_0Udh/1HstZDk8dt--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200310091737.56392.kennyf>