nullfs and named pipes.

Jeremie Le Hen jeremie at le-hen.org
Thu Feb 15 14:21:36 UTC 2007


Hi Josef,

On Sun, Feb 04, 2007 at 02:37:11AM +0000, Josef Karthauser wrote:
> There appears to be a lot of confusion on the lists about this point
> as many people are trying to do this so as to make a single mysql
> server available from within a number of jails, for instance.  However
> people appear to think that this is a limitation of the jail code, not a
> limitation of the null_fs code.  Having named pipes work in null_fs
> filesystems would be a very handy thing indeed.

Note that all processes within a jail can only interfere with processes
from another jail or host as if they were on different machines.  This
means they can communicate through PF_INET for instance but not
PF_LOCAL.

IOW you have to think of your jails as if they were multiple boxes.
You should therefore make them communicate with networking sockets and
protect the latter with firewalling rules or tcpwrapper.

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >


More information about the freebsd-hackers mailing list