ZFS to support chflags?
ticso at cicely12.cicely.de
Thu Apr 12 13:49:21 UTC 2007
On Thu, Apr 12, 2007 at 03:55:24PM +0300, Kostik Belousov wrote:
> On Thu, Apr 12, 2007 at 02:38:33PM +0200, Oliver Fromme wrote:
> > Ed Schouten wrote:
> > > Bernd Walter wrote:
> > > > E.g. hardlink system binaries over multiple jails flaged immuteable.
> > > > No jail can compromise the data in other jails, while still allowing
> > > > the kernel to share memory pages for it.
> > >
> > > There are nicer ways to do that as far as I know. Just read-only
> > > nullmount some kind of base install to another directory.
> > Memory pages are not shared across different mounts,
> > including nullmounts (AFAIK), which was Bernd's point.
> > So Bernd's solution is much better in terms of memory
> > usage, which is significant if you run a large number
> > of jails.
> Pages are shared for file mmaped from different null mounts.
I wasn't aware of this - that's good.
But there are still other interesting benefits of extended flags in
jails, such as append-only for logfiles, etc...
Unlike the old securelevel mechanism the files can still be rotated
outside the jails.
B.Walter http://www.bwct.de http://www.fizon.de
bernd at bwct.de info at bwct.de support at fizon.de
More information about the freebsd-current