From: Don Lewis
Message-Id: <200005172202.PAA01574@salsa.gv.tsc.tdk.com>
Date: Wed, 17 May 2000 15:02:33 -0700
To: Robert Watson
Subject: Re: Jail: Problems? Proper Usage? Status? Practicality?
Cc: security@FreeBSD.ORG

On May 17, 11:05am, Robert Watson wrote:
} Subject: Re: Jail: Problems? Proper Usage? Status? Practicality?

} One way to substantially improve jail scalability would be to allow the
} same (read-only) file system to be present in all jails as the root, with
} only jail-local data being modified. You can imagine gratuitously using
} nullfs (if it worked) to do this, and mount per-jail writable fs's for
} appropriate subdirectories (/etc, /usr/local, /home) with appropriate
} symlinks within the jail.

I badly want nullfs for another reason. It can be really handy to allow
separate jails to communicate through the filesystem.
Imagine updating a set of web pages using rsync over ssh in one jail, and sharing these via a read-only mount in another jail where the web server is running.