Jail to jail network performance?

[Uwe Doering]

Brandon Fosdick wrote:
> Robert Watson wrote:
>  > (1) Modifying the name space exclusion assumption for jails, so that the
> 
>>    file system name spaces overlap.  One way to do this is with nullfs.
> 
> nullfs looks interesting. I was thinking about sharing files between jails using NFS, but it looks like nullfs would do the trick with better performance. Although the bugs section of the man page for mount_nullfs is rather scary. Does anyone have any experience with it? Does it actually work?
> 
> If the point here is to make /tmp/mysql.sock show up in another jail's file space, can I use a symlink instead? Can a jailed process see the target of the symlink?

Symlinks are just a path mapping mechanism performed by the kernel at 
lookup time, that is, before the actual access.  In a jail only those 
parts of a filesystem are visible that are at or below the jail's root 
directory.  The same goes for normal chroots.  So if the symlink points 
to a location outside this scope you cannot access the object.

Hardlinks would work, but only if the jails concerned live in the same 
filesystem.  Though they can of course be confined in separate, 
non-overlapping parts of that filesystem.

    Uwe
-- 
Uwe Doering         |  EscapeBox - Managed On-Demand UNIX Servers
gemini at geminix.org  |  http://www.escapebox.net