nullfs [was: Need urgent help regarding security]

Chad Leigh -- Shire.Net LLC chad at shire.net
Thu Nov 17 18:36:38 GMT 2005


On Nov 17, 2005, at 7:36 AM, Mark Bucciarelli wrote:

> On Wed, Nov 16, 2005 at 10:16:16PM -0700, Chad Leigh -- Shire.Net LLC
> wrote:
>
>> I then create one or more jails that use nullfs to READ ONLY mount
>> specific parts of the master hierarchy into the jail.
>
> This is very interesting to me, as I are currently working on a jail
> design and nullfs has a number of question marks next to it, mainly  
> due
> to the scary man page warning. Here are a few of the questions:
>
> How did you decide it was trustworthy?

I did a few tests and read some archived posts from others using it.   
I was previously using a localhost nfs mount but wanted to eliminate  
nfs from the mix due to another issue I was having.

>
> Does it result in lower RAM usage? (The program that is run, for
> example, Apache, comes from the same spot on the disk across all  
> jails.)

Don't know.  Never did any tests.

>
> Is it currently maintained? The man page includes a maintainer
> solicitation.

Don't know.  However, archived posts lead me to believe that bugs  
have been fixed etc recently and the man page may be out of date.

>
> Have you had any problems in production?

Not that I know of.  Seems to be running fine with over 40 jails on  
the machine.  Most are READ ONLY but I do have one jail with a RW / 
usr so it can install ports etc.  I have a /usr/public I install  
ports into for all jails to use.

>
> Have you used it for long?
>

A few months.  Previously I was happily doing the same thing with the  
localhost nfs mount.

best
Chad


> m
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions- 
> unsubscribe at freebsd.org"

---
Chad Leigh -- Shire.Net LLC
Your Web App and Email hosting provider
chad at shire.net




More information about the freebsd-questions mailing list