[ANN] unionfs patchset-13 release

André Braga meianoite at gmail.com
Thu Jun 1 22:26:59 PDT 2006


On 6/1/06, Robert Watson <rwatson at freebsd.org> wrote:
> On Wed, 31 May 2006, André Braga wrote:
[snip]
> > I also have this feeling that ACLs also aren't respected inside
> > jails or can be overwritten as easily as shown below
>
> By "ACLs also aren't respected inside jails", do you mean, "ACLs don't work in
> jail", or do you mean, "ACLs don't work with unionfs"?  They are believed
> firmly to work with jail, and if you have evidence to the contrary, a PR
> pointer would be greatly appreciated so it can be investigated.

s/"jails"/"unionfs with the -b option". Sorry.

I intended to use unionfs to keep a single "pristine" tree with
nothing but what installworld/distribution puts in there, and then
layer several other mountpoints on top of it to handle several jails,
each to every service my server would offer: web, mail, database,
RADIUS, LDAP and users' home directories. This works best by mounting
the pristine tree *below* those mountpoints. However, as demonstrated
by the test case on my previous message, more sophisticated access
control mechanisms, like immutable flags, are not handled by the
patchset as per the -p11 version (and I still don't know whether this
behaviour was fixed on subsequent patches up to -p13. Would someone
enlighten me?). This is why I mentioned that ACLs are probably not
correctly handled by "unionfs with the mount below option" either.

This has nothing to do with jails per se, but with unionfs. Sorry if I
alarmed anyone :)


More information about the freebsd-fs mailing list