Date: Mon, 26 Apr 2004 08:03:48 -0600
From: "Chad Leigh -- Shire.Net LLC" <chad@shire.net>
To: antwort@schmalzbauer.de
Cc: freebsd-questions@freebsd.org
Subject: Re: Jail organization
Message-ID: <8A17357B-978A-11D8-91B5-003065A70D30@shire.net>
In-Reply-To: <200404261342.48970.h@schmalzbauer.de>
References: <87fzaravaj.fsf@deneb.enyo.de> <200404261342.48970.h@schmalzbauer.de>

On Apr 26, 2004, at 5:42 AM, Harald Schmalzbauer wrote:

>
> Use mount_nullfs whenever you need more than the specialized jail itself was
> designed for, eg. when installing a new port
> mount_nullfs /hostusr/ports /jailuser/ports.
> I explicitly use one single label for each jail. Don't forget in case of a
> compromised jail the hacker could simply fill up your filesystem when you use
> only directories.
>
> -Harry
>

I have stayed away from mount_nullfs because the man page for it (on
5-2-CURRENT) still says:

BUGS
     THIS FILE SYSTEM TYPE IS NOT YET FULLY SUPPORTED (READ: IT DOESN'T WORK)
     AND USING IT MAY, IN FACT, DESTROY DATA ON YOUR SYSTEM.  USE AT YOUR OWN
     RISK.  BEWARE OF DOG.  SLIPPERY WHEN WET.

     This code also needs an owner in order to be less dangerous - serious
     hackers can apply by sending mail to <hackers@FreeBSD.org> and announcing
     their intent to take it over.

HISTORY
     The mount_nullfs utility first appeared in 4.4BSD.

Is this still true? Is it safe to use, at least in a read only situation?

I have been remounting various parts of the filesystem in read only state
using nfs from the local filesystem, ie,

% mount localhost:/jailmaster/usr /jail/usr

Chad