Date: Sun, 14 Apr 2002 21:17:52 +0400 (MSD)
From: Dmitry Morozovsky
To: stable@FreeBSD.ORG
Subject: jails and local-NFS /usr
Message-ID: <20020414210723.X7299-100000@woozle.rinet.ru>

Hello there colleagues,

I'm planning to play with jail(8) etc to deploy this facility for our hosting services, and now looking at the ability to use NFS from jailed pseudo-machine to host. I'd think of making special filesystem with restricted set of binaries and export it as a local-NFS partition to be mounted readonly as jailed /usr.

However, there's a couple of sentences in jail(8) manpage, and especially:

>Attempting to serve NFS from the host environment may also cause
>confusion, and cannot be easily reconfigured to use only specific IPs, as
>some NFS services are hosted directly from the kernel.

Is it still true, and if yes, are there any plans to improve this?

(as a side note: why portmap binds to TCP socket with 0.0.0.0 ip address? portmap.c, lines around 206 as of 1.10.2.2)

Thanks in advance.

Sincerely,
D.Marck                                   [DM5020, DM268-RIPE, DM3-RIPN]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
------------------------------------------------------------------------
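
The jail(8) passage quoted in the message concerns host services that listen on every address, including addresses assigned to jails. The following is an added example, not part of the original message or of FreeBSD: a shell check that picks wildcard-bound listeners (such as portmap on 111 and NFS on 2049) out of `netstat -an` output. The sample lines are constructed in the FreeBSD `netstat -an` layout, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the layout of FreeBSD `netstat -an` (not real output).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.111                  *.*                    LISTEN
tcp4       0      0  192.0.2.10.22          *.*                    LISTEN
tcp4       0      0  *.2049                 *.*                    LISTEN
tcp4       0      0  192.0.2.10.22          198.51.100.7.51515     ESTABLISHED
udp4       0      0  *.111                  *.*
udp4       0      0  *.2049                 *.*
udp4       0      0  192.0.2.10.53          *.*
EOF
}

# Read netstat -an lines on stdin and print "proto port" for every socket
# whose local address is the wildcard (*), i.e. bound to 0.0.0.0.
wildcard_listeners() {
    awk '
        $1 ~ /^(tcp|udp)/ && $4 ~ /^\*\./ {
            # TCP rows carry a state column; keep only listening sockets.
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next
            port = $4
            sub(/^\*\./, "", port)
            print $1, port
        }
    '
}

# Succeed only if none of the given ports has a wildcard listener.
# On a live host: netstat -an | no_wildcard_on 111 2049
no_wildcard_on() {
    found=$(wildcard_listeners)
    rc=0
    for port in "$@"; do
        if printf '%s\n' "$found" | grep -q " $port\$"; then
            echo "wildcard listener on port $port" >&2
            rc=1
        fi
    done
    return $rc
}

# Stand-alone run over the constructed sample.
sample_netstat | wildcard_listeners
```

A service reported here answers on the jail's IP as well as the host's, which is the confusion the man page text describes.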