From owner-freebsd-questions@FreeBSD.ORG Fri Mar 4 00:13:54 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 78D8216A4CE for ; Fri, 4 Mar 2005 00:13:54 +0000 (GMT) Received: from mail.gmx.net (imap.gmx.net [213.165.64.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 5D3CD43D5D for ; Fri, 4 Mar 2005 00:13:53 +0000 (GMT) (envelope-from emanuel.strobl@gmx.net) Received: (qmail invoked by alias); 04 Mar 2005 00:13:52 -0000 Received: from flb.schmalzbauer.de (EHLO cale.flintsbach.schmalzbauer.de) (62.245.232.135) by mail.gmx.net (mp007) with SMTP; 04 Mar 2005 01:13:52 +0100 X-Authenticated: #301138 From: Emanuel Strobl To: freebsd-questions@freebsd.org Date: Fri, 4 Mar 2005 01:13:43 +0100 User-Agent: KMail/1.7.2 References: <4227164D.3050103@cis.strath.ac.uk> <2939.216.220.59.169.1109865872.squirrel@216.220.59.169> In-Reply-To: <2939.216.220.59.169.1109865872.squirrel@216.220.59.169> X-Birthday: 10/06/72 X-CelPhone: +49 173 9967781 X-Tel: +49 89 18947781 X-Country: Germany X-Address: Munich, 80686 X-OS: FreeBSD MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart5936014.Zjae0QKPsK"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200503040113.47609@harrymail> X-Y-GMX-Trusted: 0 cc: Ean Kingston cc: Chris Hodgins Subject: Re: Sharing directories with jails X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Mar 2005 00:13:54 -0000 --nextPart5936014.Zjae0QKPsK Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Am Donnerstag, 3. M=E4rz 2005 17:04 schrieb Ean Kingston: > > How dangerous is it to share the ports directory with jails on the > > system? I am using the jails to give other access to a freebsd system. > > You can assume they are untrusted (hence the jail ;)). > > > > Is it enough just to: > > ln -s /usr/ports /usr/jail/ajail/usr/ports > > That won't work. The jail does a chroot (along with other things) when it > starts up so the link inside the jail will wind up pointing to itself. > > The only way I've been able to figure out how to do something like that is > by running an NFS server outside the jail and then run an NFS client You can also use nullfs (man (8) mount_nullfs). It's slow and not certified= to=20 be bugfree but I never had any problems and especially for centralized port= s=20 very useful. =2DHarry --nextPart5936014.Zjae0QKPsK Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQBCJ6g7Bylq0S4AzzwRAsA+AJ9dw8/XTNr8ecMDRNHs0gCvEP5imQCfTFsG lvwDEJTxzD0gsyzD3YNdKT4= =rJID -----END PGP SIGNATURE----- --nextPart5936014.Zjae0QKPsK--