Jail to jail network performance?
Oliver Fromme
olli at lurza.secnetix.de
Mon Sep 19 07:15:06 PDT 2005
[Sorry, this is a late reply, but might be helpful.]
Daniel Gerzo <danger at rulez.sk> wrote:
> Hello Brandon,
> Thursday, September 15, 2005, 5:17:57 AM, you wrote:
> > [...]
> > nullfs looks interesting. I was thinking about sharing files
> > between jails using NFS, but it looks like nullfs would do the trick
> > with better performance. Although the bugs section of the man page
> > for mount_nullfs is rather scary. Does anyone have any experience
> > with it? Does it actually work?
>
> btw unionfs is interesting as well, but the BUGS section is pretty the
> same :)
Another possibility is to use union mounts (i.e. using the
"-o union" mount flag with a regular mount). This works
without problems and is very stable, but it is a little
less flexible than UNIONFS (or NULLFS) because it merges
only the directory entries at the mount point.
> > If the point here is to make /tmp/mysql.sock show up in another
> > jail's file space, can I use a symlink instead? Can a jailed process
> > see the target of the symlink?
>
> I read that using such a symlinks has security impacts.
Symlinks within a jail cannot point to targets outside of
that jail.
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.
"When your hammer is C++, everything begins to look like a thumb."
-- Steve Haflich, in comp.lang.c++
More information about the freebsd-stable
mailing list