How much of freebsd can be made read-only in a jail

Nicolas Geniteau nicolas at geniteau.com
Sat Nov 15 11:36:13 UTC 2014


Hi Robert,

First, I don't have any FreeBSD accessible now, so my answer will be
quite imprecise.

2014-11-15 6:14 GMT+01:00 Robert Sevat <robert at indylix.nl>:
> I've started using Ansible to make my life easier while managing a lot
> of jails.

Great, Ansible is a very useful tool! I have never tried it on FreeBSD;
is it well supported?

> So my question is, how much can be made read-only?

I have already done this kind of thing in the past. If my memory is good,
I set all of /tmp and /var RW and it works well with almost all services.
You can probably be more restrictive, but is it really useful?

If I had to do this kind of thing now, I would try to do the same as a
diskless boot.
https://www.freebsd.org/doc/handbook/network-diskless.html
man diskless

The /etc/rc.initdiskless script (or something like this), after mounting
/ RO over NFS, creates a memory filesystem populated from a template
for, generally, /var and /etc (I can't explain why the diskless
documentation says to do /etc too).

Using this principle, no change on disk is possible, only in RAM.

It seems to me that the script is well documented; you can probably
adapt it to fit your needs.


Regards,

-- 
Nicolas
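
Added example, not part of the original message: a check that a jail following the layout discussed above (everything read-only except /tmp and /var) has no other writable mounts. It reads fstab-format lines such as `mount -p` prints on FreeBSD. The jail root /jails/www, the function name, the sample mount table and the extra /dev allowance are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in fstab(5) format for a hypothetical jail at /jails/www.
SAMPLE_MOUNTS='/jails/base /jails/www nullfs ro 0 0
tmpfs /jails/www/tmp tmpfs rw,mode=1777 0 0
/jails/data/www/var /jails/www/var nullfs rw 0 0
/usr/ports /jails/www/usr/ports nullfs rw 0 0
devfs /jails/www/dev devfs rw 0 0
/dev/ada0p2 / ufs rw 1 1'

# audit_jail_mounts ROOT ALLOWED_PATH...
# Reads fstab-format lines on stdin and prints, relative to ROOT, every
# mountpoint inside the jail that is not mounted "ro" and is not one of
# the ALLOWED_PATH arguments. No output means the layout matches the policy.
audit_jail_mounts() {
    root=$1; shift
    awk -v root="$root" -v allowed="$*" '
    BEGIN {
        n = split(allowed, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        mp = $2
        # Ignore mounts outside this jail; the "/" suffix keeps /jails/www2
        # from matching /jails/www.
        if (mp != root && index(mp, root "/") != 1) next
        rel = (mp == root) ? "/" : substr(mp, length(root) + 1)
        ro = 0
        m = split($4, opts, ",")
        for (i = 1; i <= m; i++) if (opts[i] == "ro") ro = 1
        if (!ro && !(rel in ok)) print rel
    }'
}

# Policy from the thread: only /tmp and /var writable. /dev is allowed here
# as an assumption, since devfs is normally mounted rw inside a jail.
# On a live host: mount -p | audit_jail_mounts /jails/www /tmp /var /dev
printf '%s\n' "$SAMPLE_MOUNTS" | audit_jail_mounts /jails/www /tmp /var /dev
```

On the sample it reports /usr/ports, the one writable mount outside the allowed set.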

