Jail FS questions.

Kris Kennaway kris at obsecurity.org
Thu Oct 9 20:20:26 PDT 2003 

On Thu, Oct 09, 2003 at 10:55:26PM -0300, Marc G. Fournier wrote:
> 
> 
> On Thu, 9 Oct 2003, Kris Kennaway wrote:
> 
> > On Thu, Oct 09, 2003 at 05:00:02PM -0400, Kenny Freeman wrote:
> >
> > > >   I've been reading about unionfs and nullfs (well, more skim reading
> > > > really; I'm not FS guru, which is why I'm asking here) and one of these
> > > > sounds like it could be the idea solution.  At first glance I'd say that
> > > > unionfs would be the way to go.
> >
> > Both unionfs and nullfs are documented to be broken.  Seriously, those
> > big scary warnings in the manpages are there for a reason!
> >
> > Having said that, some people have reported success in certain limited
> > situations.  If you insist on using them, then you're on your own
> > if/when it breaks.
> >
> > This means: do not complain to us when your system crashes and you
> > lose a filesystem.
> 
> Wow, what a way to encourage ppl to report bugs ... glad there are ppl
> like Tor and David Schultz out there that are interested in fixing bugs
> and not ignoring them ...

It's not a matter of ignoring bug reports, it's a matter of not
encouraging users to do something that is likely to blow their foot
off.  Most users probably aren't willing to knowingly do something
this risky on their production machines.

Yes, it's a good thing that some developers are finally working on
fixing some of the problems, but the fact remains that nullfs/unionfs
*are not known to work in all situations* (indeed, I was able to
trigger unionfs bugs within a few minutes of testing last time I tried
on 5.x, over the summer).

It's wonderful that unionfs works for you in your particular
situation, but that does not change the fact that these filesystems
have been full of bugs for years and many problems likely still
persist; that's precisely why the warnings are still there in the
manual pages.  Until someone intimately familiar with the filesystem
expresses confidence that everything is in working order (this has not
yet happened), that's how it will stay.

Therefore, unless you can cope with panics and possible data loss when
you run into a new bug (if you haven't seen data loss, you've been
lucky - I have), don't use it.

On the other hand, if there are developers working on unionfs who have
run out of known bugs to fix (I'd be sceptical about this since I
don't remember any unionfs-related commits over the past 6 months or
so, although there might be some work-in-progress patches floating
around), and you're willing to sacrifice your machines in the name of
testing, then you should talk to those developers.

Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20031009/073896fa/attachment.bin

More information about the freebsd-questions mailing list