Date:      Mon, 26 Apr 2004 18:41:13 +0200
From:      Harald Schmalzbauer <h@schmalzbauer.de>
To:        freebsd-questions@freebsd.org
Cc:        "Chad Leigh -- Shire.Net LLC" <chad@shire.net>
Subject:   Re: Jail organization
Message-ID:  <200404261841.17705@harryhomeworkstation>
In-Reply-To: <8A17357B-978A-11D8-91B5-003065A70D30@shire.net>
References:  <87fzaravaj.fsf@deneb.enyo.de> <200404261342.48970.h@schmalzbauer.de> <8A17357B-978A-11D8-91B5-003065A70D30@shire.net>



On Monday, 26 April 2004 16:03, Chad Leigh -- Shire.Net LLC wrote:
> On Apr 26, 2004, at 5:42 AM, Harald Schmalzbauer wrote:
> > Use mount_nullfs whenever you need more than the specialized jail itself
> > was designed for, e.g. when installing a new port
> > mount_nullfs /hostusr/ports /jailuser/ports.
> > I explicitly use one single label for each jail. Don't forget in case of a
> > compromised jail the hacker could simply fill up your filesystem when you
> > use only directories.
> >
> > -Harry
>
> I have stayed away from mount_nullfs because the man page for it (on
> 5-2-CURRENT) still says:
>
> BUGS
>       THIS FILE SYSTEM TYPE IS NOT YET FULLY SUPPORTED (READ: IT DOESN'T WORK)
>       AND USING IT MAY, IN FACT, DESTROY DATA ON YOUR SYSTEM.  USE AT YOUR OWN
>       RISK.  BEWARE OF DOG.  SLIPPERY WHEN WET.
>
>       This code also needs an owner in order to be less dangerous - serious
>       hackers can apply by sending mail to <hackers@FreeBSD.org> and announcing
>       their intent to take it over.
>
> HISTORY
>       The mount_nullfs utility first appeared in 4.4BSD.
>
>
> Is this still true?  Is it safe to use, at least in a read only
> situation?

Oh, I've never had a look into the man page. And I haven't been using it for
long nor at high load scenarios but for me it works (tm).
In production I use it readonly but I also haven't had any problems in
read-write operation. But consider it as a nullfs-newbie report!

-Harry

>
> I have been remounting various parts of the filesystem in read only
> state using nfs from the local filesystem, ie,
>
> % mount localhost:/jailmaster/usr /jail/usr
>
> Chad
>

--
Please never add my reply address to CC nor to the recipient list!
If you make "answers to all" please remove my address!!!!!!!!!!!!!
I'll complain if I see my reply address on any mailinglist!!!!!!!!
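
An added example, not part of the original message: a small audit of the two precautions discussed in this thread, read-only nullfs mounts into a jail and a jail root that is its own filesystem rather than a plain directory. It assumes FreeBSD's `mount -p` fstab-style output; the function names and every path other than `/jailuser` and `/hostusr/ports` are hypothetical.

```shell
#!/bin/sh
# Input: fstab(5)-style lines as printed by `mount -p` on FreeBSD:
#   <source> <mountpoint> <fstype> <options> <dump> <pass>

# audit_jail_mounts JAILROOT   (mount lines are read from stdin)
# Prints "WRITABLE <mountpoint> <- <source>" for every nullfs mount below
# JAILROOT that lacks the "ro" option, and "SHARED-FS <jailroot>" when
# JAILROOT is not itself a mount point (the jail shares a filesystem with
# something else, so filling it up affects more than the jail).
audit_jail_mounts() {
    awk -v root="${1%/}" '
        $2 == root { own_fs = 1 }
        $3 == "nullfs" && index($2 "/", root "/") == 1 {
            ro = 0
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "ro") ro = 1
            if (!ro) print "WRITABLE " $2 " <- " $1
        }
        END { if (!own_fs) print "SHARED-FS " root }'
}

# Constructed sample input (not taken from any real host).
sample_mounts() {
    cat <<'EOF'
/dev/ad0s1a / ufs rw 1 1
/dev/ad0s1e /jailuser ufs rw 2 2
/hostusr/ports /jailuser/ports nullfs ro 0 0
/hostusr/src /jailuser/src nullfs rw 0 0
/hostusr/share /jailuser2/share nullfs rw 0 0
EOF
}

# On a live host: mount -p | audit_jail_mounts /jailuser
sample_mounts | audit_jail_mounts /jailuser
```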
