nullfs mount ignores readonly flag

Oliver Fromme check+isu2oi00rsa902br at fromme.com
Mon Jan 9 09:01:25 PST 2006


David Beck <dbeck at xxxxxxxxxxxxx> wrote:
 > The idea was to use nullfs for jail filesystems, so I don't need to 
 > duplicate files as many times as jails I have.
 > 
 > This had two advantages in my opinion:
 >    - the jail would share system executables on a readonly filesystem, 
 > so system upgrades would be easier.
 >    - also I thought that this would increase the level of security in 
 > jails.
 > 
 > If not nullfs, would you recommend NFS in a similar setup? Do you see 
 > another solution that works better?

Personally, I use NFS loopback union mounts (read-only) for
the very same thing (i.e. multiple jails).  Note that, by
saying "union mounts" I mean the -o union flag of the mount
command, *not* UNIONFS which I'd rather avoid.  The -o union
flag serves a similar purpose and is rock stable.  It's a
bit less flexible than UNIONFS because it merges only the
contents of the root directory of the file system mounted,
but that's usually sufficient (with the help of a few
symlinks).

The performance of loopback NFS is very good.  I was afraid
that the NFS overhead would kill the machine, but it turned
out not to be an issue.

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd

Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.
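Added example, not part of the original message: a check that every NFS or nullfs mount below a jail root is reported with the read-only flag, which is the property the setup discussed in this thread relies on. It assumes FreeBSD-style `mount` output (`<source> on <mountpoint> (<fstype>, <flags>)`); the `/jails` and `/jailbase` paths, the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list shared (nfs/nullfs) jail mounts that are NOT read-only.
# Real use (assumed jail root):  mount | audit_jail_mounts /jails

# Constructed sample in the FreeBSD `mount` output format.
sample_mount_output() {
    cat <<'EOF'
/dev/ad0s1a on / (ufs, local)
devfs on /dev (devfs, local)
localhost:/jailbase on /jails/www (nfs, read-only, union)
localhost:/jailbase on /jails/mail (nfs, union)
/dev/ad0s1f on /jails/www/var (ufs, local, soft-updates)
/jailbase on /jails/db (nullfs, local)
EOF
}

# Reads mount output on stdin; $1 is the directory that holds the jails.
# Prints "<mountpoint> <fstype>" for each nfs/nullfs mount under $1 whose
# flag list lacks "read-only". Other file system types (for example a
# jail's own writable /var) are deliberately not reported.
audit_jail_mounts() {
    awk -v root="${1%/}" '
    {
        p = index($0, " on ")            # end of the source field
        q = index($0, " (")              # start of the flag list
        if (p == 0 || q <= p) next       # not a mount line
        mp = substr($0, p + 4, q - p - 4)
        if (mp != root && index(mp, root "/") != 1) next
        opts = substr($0, q + 2)
        sub(/\)$/, "", opts)
        n = split(opts, o, /, */)        # o[1] is the file system type
        if (o[1] != "nfs" && o[1] != "nullfs") next
        ro = 0
        for (i = 2; i <= n; i++) if (o[i] == "read-only") ro = 1
        if (!ro) print mp, o[1]
    }'
}

# Demonstration on the constructed sample.
sample_mount_output | audit_jail_mounts /jails
```

The check only reads the flags that `mount` reports, so an actual write attempt from inside a jail remains the stronger test.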




