Nullfs Allows Jailbreaking

Jason C. Wells jcw at
Thu Dec 23 02:56:18 UTC 2010

Here is my file system scheme for a newly created jail as viewed from 
the host:

/usr/jail/template on /usr/jail/f1 (nullfs, local, read-only)
/usr/jail/f1-fs/etc on /usr/jail/f1/etc (nullfs, local)
/usr/jail/f1-fs/tmp on /usr/jail/f1/tmp (nullfs, local)
/usr/jail/f1-fs/var on /usr/jail/f1/var (nullfs, local)
/usr/jail/f1-fs/usr-local on /usr/jail/f1/usr/local (nullfs, local)

As viewed from the jail:

/usr/jail/template on / (nullfs, local, read-only)

I like the idea of using a template for multiple jails that I plan to 
use later.  I like the ide of mounting the template read only.  I had to 
splice in the other nullfs filesystems so that things that need to be 
read-write can be.

But it seems kinda funky.  Inside the jail it looks like EVERYTHING is 
read-only and you have no way of knowing that /tmp is actually 
read-write.  There seems to be a violation of the segregation going on here.

What pitfalls can you see in a file system scheme like this for my 
jails?  Is the above behavior by design or did I find a flaw?


More information about the freebsd-questions mailing list