From: Kenny Freeman
To: kennyf@pchg.net, Lewis Thompson, FreeBSD-questions
Date: Thu, 9 Oct 2003 17:37:50 -0400
Subject: Re: Jail FS questions.
Message-Id: <200310091737.56392.kennyf@pchg.net>

err

none /secure/files/mail /secure/internal/smtp/postfix/server/var/spool/mail nullfs rw,noexec,nosuid,nodev 0 0

same for the other entry - forgot the fs type...
-Kenny

On October 9, 2003 05:00 pm, Kenny Freeman wrote:
> I'm not sure about union fs, never had a real use for it yet.... I have a
> similar setup as you. I have about 4 jails running so far (~8 more to go).
> I've written a fairly large bash script to build the jails + configure them
> automagically too. I've got a 120GB drive in that system, so for me I don't
> really have a problem with space. What I use nullfs for is sharing data
> between jails, for example:
>
> /secure/files/mail <- mail spools
>
> would be shared using: (/etc/crontab entries)
>
> none /secure/files/mail /secure/internal/smtp/postfix/server/var/spool/mail rw,noexec,nosuid,nodev 0 0
> none /secure/files/mail /secure/internal/imap/courier/server/var/spool/mail rw,noexec,nosuid,nodev 0 0
>
> haven't really got these up and running yet (ie. I don't really know if
> postfix + courier both work inside a jail). ATM I'm stuck on my file server
> jail, which may never work. I do have djbdns cache+server running. Anyway,
> nullfs is great for "remounting" parts of the file system. I would not use
> that to remount parts of the file system that have executables on them in
> rw mode, only ro. You could mount the base / fs using nullfs onto the jail
> / filesystem but this would be tricky because you would have to deal with
> things like syslogd base + syslogd(s) jail both writing to /var/log/. You
> could mount each directory using nullfs (/bin /sbin, etc) onto the jails
> and I think this would work. I would note the warnings in the man pages
> about this stuff being experimental tho. You could save space by using the
> same executables and libs while having separate /var/ /etc/ etc dirs in the
> jail but it would be a bit of work to figure out what dirs to mount_nullfs
> and what dirs to have as real dirs. Oh, btw, I know about as much about
> fs's as you do too, so your mileage may vary...
>
> -Kenny
>
> On August 3, 2003 04:09 pm, Lewis Thompson wrote:
> > Hi,
> >
> > I currently have a bunch of jails running on my FreeBSD box. I've
> > done this by making installworld a number of times, each time with a
> > different DESTDIR (say /jail1, /jail2, /jail3). Clearly this is using a
> > significant amount of space on the machine.
> >
> > I've been reading about unionfs and nullfs (well, more skim reading
> > really; I'm not an FS guru, which is why I'm asking here) and one of these
> > sounds like it could be the ideal solution. At first glance I'd say that
> > unionfs would be the way to go.
> >
> > My question about unionfs: if I use this as a base dir for all of my
> > jails and decide to ``upgrade'' the base system will it actually work?
> > I mean, when I start installing stuff through the ports does it ever
> > modify the base system in any way? If it does, then surely a base
> > system upgrade will appear to leave the old ports-created files (because
> > the upper layer changes override the lower unionfs fs).
> >
> > Secondly, I don't really understand nullfs. Would this be a
> > ``better'' solution than using unionfs? Maybe it isn't even a solution,
> > but if it is, a pointer to some useful articles would be great (aside
> > man mount_nullfs; I've read that but don't fully understand).
> >
> > Thanks very much!
> >
> > -lewiz.
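
Added example (not part of the original e-mail thread): a POSIX sh check for the rule stated in the quoted message, that a nullfs remount holding executables should be ro and never rw. It reads entries in the standard six-field fstab(5) layout; the sample entries are constructed, reusing the mail-spool paths from the message, while the /bin mounts and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag nullfs mounts that are writable and executable at once.

# Constructed sample in fstab(5) layout: source, mount point, type, options,
# dump, pass. Mail-spool paths come from the message; /bin lines are hypothetical.
sample_fstab() {
cat <<'EOF'
# Device           Mountpoint                                           FStype Options                Dump Pass
/secure/files/mail /secure/internal/smtp/postfix/server/var/spool/mail nullfs rw,noexec,nosuid,nodev 0 0
/secure/files/mail /secure/internal/imap/courier/server/var/spool/mail nullfs rw,noexec,nosuid,nodev 0 0
/bin               /secure/internal/smtp/postfix/server/bin            nullfs ro                     0 0
/bin               /secure/internal/imap/courier/server/bin            nullfs rw                     0 0
/dev/ad0s1a        /                                                    ufs    rw                     1 1
EOF
}

# Read fstab-format lines on stdin and print one verdict per nullfs entry.
# A mount passes if it is read-only, or if it is writable but carries noexec.
audit_nullfs() {
    awk '
    $1 ~ /^#/ || NF < 4 { next }      # skip comments and short/blank lines
    $3 != "nullfs"      { next }      # only nullfs remounts are in scope
    {
        writable = 1; noexec = 0      # a mount without "ro" is treated as rw
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] == "ro")     writable = 0
            if (opt[i] == "noexec") noexec = 1
        }
        if (writable && !noexec)
            print "FAIL", $2, "(writable and executable: use ro or add noexec)"
        else
            print "OK  ", $2
    }'
}

sample_fstab | audit_nullfs
```

On a host, the same function can be fed the real table with `audit_nullfs < /etc/fstab`.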