From owner-freebsd-hackers Tue Nov 12 19:37: 2 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3F6AD37B401 for ; Tue, 12 Nov 2002 19:37:01 -0800 (PST) Received: from cain.gsoft.com.au (genesi.lnk.telstra.net [139.130.136.161]) by mx1.FreeBSD.org (Postfix) with ESMTP id 415D543E42 for ; Tue, 12 Nov 2002 19:36:59 -0800 (PST) (envelope-from doconnor@gsoft.com.au) Received: from [127.0.0.1] (localhost [127.0.0.1]) by cain.gsoft.com.au (8.12.4/8.12.6) with ESMTP id gAD3aqiX052795; Wed, 13 Nov 2002 14:06:55 +1030 (CST) (envelope-from doconnor@gsoft.com.au) X-Authentication-Warning: cain.gsoft.com.au: Host localhost [127.0.0.1] claimed to be [127.0.0.1] Subject: Re: Shared files within a jail From: "Daniel O'Connor" To: Hans Zaunere Cc: freebsd-hackers@FreeBSD.ORG In-Reply-To: <20021113030847.69266.qmail@web12801.mail.yahoo.com> References: <20021113030847.69266.qmail@web12801.mail.yahoo.com> Content-Type: text/plain Organization: Message-Id: <1037158610.66058.28.camel@chowder.localdomain> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.0 Date: 13 Nov 2002 14:06:50 +1030 Content-Transfer-Encoding: 7bit X-Spam-Score: -3.4 () IN_REP_TO X-Scanned-By: MIMEDefang 2.16 (www . roaringpenguin . com / mimedefang) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, 2002-11-13 at 13:38, Hans Zaunere wrote: > -- Symlinks won't work because of the chroot. > -- Mounts from within the jail aren't allowed, plus a single partition > can't be mounted multiple times, AFAIK. > -- I don't have NFS setup, and I would like to avoid it as much as > possible. > -- mount_null seems to be the answer, however the warning at the end of > the man page is scary. > > Is there any combination of these (or anything I'm forgetting) that > could help me here? Is mount_null stable? > > I've had an account on a jail server which had /shared visible within > the jail, and symlinks to /bin, /usr/lib and such. I'm not sure how > this was actually implemented, and I'd be interested if anyone has seen > or heard of any solutions to this type of problem. You should be able to use hardlinks for this sort of thing. Make sure you mark them immutable though, otherwise someone in a jail could compromise other users of those libraries [in another jail]. -- > > Daniel O'Connor software and network engineer > for Genesis Software - http://www.gsoft.com.au > "The nice thing about standards is that there > are so many of them to choose from." > -- Andrew Tanenbaum > GPG Fingerprint - 9A8C 569F 685A D928 5140 AE4B 319B 41F4 5D17 FDD5 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message