From owner-freebsd-current@FreeBSD.ORG  Thu Apr 12 12:03:42 2007
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
X-Original-To: current@FreeBSD.org
Delivered-To: freebsd-current@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id E6EBF16A4CB
	for <current@FreeBSD.org>; Thu, 12 Apr 2007 12:03:42 +0000 (UTC)
	(envelope-from ed@hoeg.nl)
Received: from palm.hoeg.nl (mx0.hoeg.nl [83.98.131.211])
	by mx1.freebsd.org (Postfix) with ESMTP id AD98E13C468
	for <current@FreeBSD.org>; Thu, 12 Apr 2007 12:03:42 +0000 (UTC)
	(envelope-from ed@hoeg.nl)
Received: by palm.hoeg.nl (Postfix, from userid 1000)
	id B6DE51CC23; Thu, 12 Apr 2007 14:03:41 +0200 (CEST)
Date: Thu, 12 Apr 2007 14:03:41 +0200
From: Ed Schouten <ed@fxq.nl>
To: ticso@cicely.de
Message-ID: <20070412120341.GE45949@hoeg.nl>
References: <200704112004.03903.lists@jnielsen.net>
	<20070412021645.GQ30772@cicely12.cicely.de>
	<20070412114135.C64803@fledge.watson.org>
	<20070412112045.GR30772@cicely12.cicely.de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="a+b56+3nqLzpiR9O"
Content-Disposition: inline
In-Reply-To: <20070412112045.GR30772@cicely12.cicely.de>
User-Agent: Mutt/1.5.15 (2007-04-06)
Cc: current@FreeBSD.org
Subject: Re: ZFS to support chflags?
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Apr 2007 12:03:43 -0000


--a+b56+3nqLzpiR9O
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

* Bernd Walter <ticso@cicely12.cicely.de> wrote:
> E.g. hardlink system binaries over multiple jails flaged immuteable.
> No jail can compromise the data in other jails, while still allowing
> the kernel to share memory pages for it.

There are nicer ways to do that as far as I know. Just read-only
nullmount some kind of base install to another directory. Union mount
another directory on top that holds jail specific data. That way you
have a `copy-on-write' FreeBSD install. Make sure you mount everything
with noatime.

--=20
 Ed Schouten <ed@fxq.nl>
 WWW: http://g-rave.nl/

--a+b56+3nqLzpiR9O
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (FreeBSD)

iD8DBQFGHiAd52SDGA2eCwURAteIAJ468p56W9BEb+c2Ks++dQf4SAC5xACbBE14
x/ZLQFiC43rGvRdE2Succ0c=
=9gP/
-----END PGP SIGNATURE-----

--a+b56+3nqLzpiR9O--