> Aesthetics and philosophy aside, are there any real security holes in just > using the systems /usr everywhere if it is mounted read only in the jails? > THis seems to be the > approach used by solaris zones. Usually a jail /usr is almost empty. You would prefer to have the very strict minimum of things inside a jail. Olivier