New NULLFS in HEAD

Matthew Dillon dillon at apollo.backplane.com
Fri Nov 17 17:36:35 PST 2006


    This just a head's up in case people missed the sequence of commits
    a few weeks ago, but NULLFS is now seriously enhanced in HEAD.  You can
    glue nullfs mounts together however you like now, without restriction.

    So, for example, you can do this:

    mount_null -o ro / /jail1
    mount_null -o ro /usr /jail1/usr
    mount_null /jaildata/jail1/etc /jail1/etc

    mount_null -o ro / /jail2
    mount_null -o ro /usr /jail2/usr
    mount_null /jaildata/jail2/etc /jail2/etc

    And so forth.  You can glue pieces of the filesystem together into
    whatever arrangement you want, use chroot or jail to push into it,
    and have no visibility outside of that arrangement.  And it's ultra
    memory efficient, too.  The namecache and vnode topology is shared
    with the base filesystems and do not eat any extra memory.

    With a small bit of work it would probably even be possible to 
    export these synthesized filesystems via NFS (albeit with all the
    security issues involved when not glueing together filesystem roots).
    If someone wants to getting NFS exports working properly on nullfs
    mounts would be a nice little project.

					-Matt
					Matthew Dillon 
					<dillon at xxxxxxxxxxxxx>





More information about the Users mailing list