Chad Leigh -- Shire.Net LLC
chad at shire.net
Mon Apr 26 07:03:54 PDT 2004
On Apr 26, 2004, at 5:42 AM, Harald Schmalzbauer wrote:
> Use mount_nullfs whenever you need more than the specialized jail itself
> was designed for, e.g. when installing a new port
> mount_nullfs /hostusr/ports /jailuser/ports.
> I explicitly use one single label for each jail. Don't forget in case of a
> compromised jail the hacker could simply fill up your filesystem when you
> use only directories.
I have stayed away from mount_nullfs because the man page for it (on
5-2-CURRENT) still says:
THIS FILE SYSTEM TYPE IS NOT YET FULLY SUPPORTED (READ: IT DOESN'T
AND USING IT MAY, IN FACT, DESTROY DATA ON YOUR SYSTEM. USE AT
RISK. BEWARE OF DOG. SLIPPERY WHEN WET.
This code also needs an owner in order to be less dangerous -
hackers can apply by sending mail to <hackers at FreeBSD.org> and
their intent to take it over.
The mount_nullfs utility first appeared in 4.4BSD.
Is this still true? Is it safe to use, at least in a read only
I have been remounting various parts of the filesystem in read only
state using NFS from the local filesystem, i.e.,
% mount localhost:/jailmaster/usr /jail/usr
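
Both concerns in this exchange (shared trees that should be read-only inside the jail, and jails that are plain directories on the host filesystem) can be checked from `mount` output. The script below is an added example, not part of the original message; the function name `audit_jail`, the `/jail` root and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Audit the mounts that make up a jail, given `mount` output on stdin in the
# FreeBSD format: "<source> on <mountpoint> (<type>, <option>, ...)".

# Constructed sample mount table, not captured from a real host.
SAMPLE_MOUNTS='/dev/ad0s1a on / (ufs, local)
/dev/ad0s1e on /jail (ufs, local, soft-updates)
localhost:/jailmaster/usr on /jail/usr (nfs, read-only)
/hostusr/ports on /jail/usr/ports (nullfs, local)'

# audit_jail ROOT
#   WRITABLE <mountpoint> <type>  a mount below ROOT without "read-only"
#   SHARED-FS <ROOT>              ROOT is not a mount point itself, so the
#                                 jail can fill the filesystem it sits on
audit_jail() {
    awk -v root="$1" '
    {
        i = index($0, " on ")            # end of the source field
        p = match($0, / \([^()]*\)$/)    # start of the trailing "(...)" list
        if (i == 0 || p == 0) next       # not a mount line
        mp   = substr($0, i + 4, p - i - 4)
        opts = substr($0, p + 2, length($0) - p - 2)

        if (mp == root) { own = 1; next }    # jail has its own filesystem
        if (index(mp, root "/") != 1) next   # mount is outside the jail

        n = split(opts, o, /, */)            # o[1] is the filesystem type
        ro = 0
        for (k = 2; k <= n; k++) if (o[k] == "read-only") ro = 1
        if (!ro) print "WRITABLE", mp, o[1]
    }
    END { if (!own) print "SHARED-FS", root }'
}

# On a live host: mount | audit_jail /jail
printf '%s\n' "$SAMPLE_MOUNTS" | audit_jail /jail
```
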