Jail organization
Chad Leigh -- Shire.Net LLC
chad at shire.net
Mon Apr 26 07:03:54 PDT 2004
On Apr 26, 2004, at 5:42 AM, Harald Schmalzbauer wrote:
>
> Use mount_nullfs whenever you need more than the specialized jail itself was
> designed for, e.g. when installing a new port
> mount_nullfs /hostusr/ports /jailuser/ports.
> I explicitly use one single label for each jail. Don't forget in case of a
> compromised jail the hacker could simply fill up your filesystem when you use
> only directories.
>
> -Harry
>
I have stayed away from mount_nullfs because the man page for it (on
5-2-CURRENT) still says:
BUGS
     THIS FILE SYSTEM TYPE IS NOT YET FULLY SUPPORTED (READ: IT DOESN'T WORK)
     AND USING IT MAY, IN FACT, DESTROY DATA ON YOUR SYSTEM.  USE AT YOUR OWN
     RISK.  BEWARE OF DOG.  SLIPPERY WHEN WET.

     This code also needs an owner in order to be less dangerous - serious
     hackers can apply by sending mail to <hackers at FreeBSD.org> and announcing
     their intent to take it over.

HISTORY
     The mount_nullfs utility first appeared in 4.4BSD.
Is this still true? Is it safe to use, at least in a read only situation?

I have been remounting various parts of the filesystem in read only
state using nfs from the local filesystem, i.e.,

% mount localhost:/jailmaster/usr /jail/usr
Chad
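
An added example, not part of the original message: a small sh/awk check over FreeBSD-style `mount` output that lists nullfs or NFS mounts under a jail root that are not read-only, the property asked about above. The sample mount lines are constructed from the paths in this thread, and the function name `writable_shared_mounts` is hypothetical.

```shell
#!/bin/sh
# Audit `mount` output: report host trees shared into a jail (nullfs or NFS)
# that are NOT mounted read-only.

# Constructed sample in FreeBSD `mount` output format (not real system output).
SAMPLE_MOUNTS='/dev/ad0s1a on / (ufs, local)
/dev/ad0s1e on /jail (ufs, local, soft-updates)
localhost:/jailmaster/usr on /jail/usr (nfs, read-only)
/hostusr/ports on /jailuser/ports (nullfs, local)
/jailmaster/bin on /jail/bin (nullfs, local, read-only)'

# writable_shared_mounts PREFIX...
# Reads mount output on stdin; prints "<mountpoint> <fstype>" for every
# nullfs/nfs mount at or below a PREFIX that lacks the read-only option.
writable_shared_mounts() {
    awk -v prefixes="$*" '
    BEGIN { n = split(prefixes, pre, " ") }
    {
        # Line shape: <source> on <mountpoint> (<fstype>, <opt>, ...)
        on = index($0, " on ")
        lp = index($0, " (")
        if (!on || !lp || on > lp) next
        mnt  = substr($0, on + 4, lp - on - 4)
        opts = substr($0, lp + 2)
        sub(/\)$/, "", opts)
        m = split(opts, o, ", ")
        fstype = o[1]
        if (fstype != "nullfs" && fstype != "nfs") next
        # Only consider mounts inside one of the jail roots given as arguments.
        under = 0
        for (i = 1; i <= n; i++)
            if (mnt == pre[i] || index(mnt, pre[i] "/") == 1) under = 1
        if (!under) next
        ro = 0
        for (i = 2; i <= m; i++) if (o[i] == "read-only") ro = 1
        if (!ro) print mnt, fstype
    }'
}

# Stand-alone run on the constructed sample; on a live host, pipe `mount` in.
printf '%s\n' "$SAMPLE_MOUNTS" | writable_shared_mounts /jail /jailuser
```

On a real host the equivalent call would be `mount | writable_shared_mounts /jail`, with the jail root adjusted to the local layout.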