On Dec 22, 2010, at 7:56 PM, Jason C. Wells wrote:

> Here is my file system scheme for a newly created jail as viewed from the
> host:
>
> /usr/jail/template on /usr/jail/f1 (nullfs, local, read-only)
> /usr/jail/f1-fs/etc on /usr/jail/f1/etc (nullfs, local)
> /usr/jail/f1-fs/tmp on /usr/jail/f1/tmp (nullfs, local)
> /usr/jail/f1-fs/var on /usr/jail/f1/var (nullfs, local)
> /usr/jail/f1-fs/usr-local on /usr/jail/f1/usr/local (nullfs, local)
>
> As viewed from the jail:
>
> /usr/jail/template on / (nullfs, local, read-only)
>
> I like the idea of using a template for multiple jails that I plan to use
> later. I like the idea of mounting the template read only. I had to splice
> in the other nullfs filesystems so that things that need to be read-write can
> be.
>
> But it seems kinda funky. Inside the jail it looks like EVERYTHING is
> read-only and you have no way of knowing that /tmp is actually read-write.
> There seems to be a violation of the segregation going on here.
>
> What pitfalls can you see in a file system scheme like this for my jails? Is
> the above behavior by design or did I find a flaw?
I have been doing this for years with great success. I don't understand your question. How does it look like everything is read only from inside the jail? The fact that a "df" only shows the root filesystem and not all your other file systems? (assuming that is still the truth -- my jails do this on older FBSD systems)
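One way to settle the "how do I know /tmp is really read-write" question is to resolve each jail path against the host's mount table instead of trusting what `df` shows from inside. The script below is an added example, not code from either poster: it takes the host's mount table in `mount -p` (fstab) format, here a constructed copy of the layout quoted above, and for any path as seen inside the jail picks the mount whose mount point is the longest path-component prefix, which is the mount that actually backs that path. The jail root `/usr/jail/f1` and the list of paths and expected modes are assumptions drawn from the thread; `audit_layout` returns non-zero when any path does not have the mode you intended, so it can run as a check after the jail's filesystems are mounted.

```shell
#!/bin/sh
# Added example (not from the thread): map a path inside a jail to the host
# mount that backs it and report whether that mount is read-only.
#
# Constructed sample of the host's mount table in `mount -p` (fstab) format,
# mirroring the layout described in the thread.  On a live host replace it
# with: MOUNT_TABLE="$(mount -p)"
SAMPLE_TABLE='/usr/jail/template /usr/jail/f1 nullfs ro 0 0
/usr/jail/f1-fs/etc /usr/jail/f1/etc nullfs rw 0 0
/usr/jail/f1-fs/tmp /usr/jail/f1/tmp nullfs rw 0 0
/usr/jail/f1-fs/var /usr/jail/f1/var nullfs rw 0 0
/usr/jail/f1-fs/usr-local /usr/jail/f1/usr/local nullfs rw 0 0'
MOUNT_TABLE="${MOUNT_TABLE:-$SAMPLE_TABLE}"

# mount_mode JAIL_ROOT PATH_IN_JAIL -> prints "ro" or "rw"
# The mount with the longest mount point that is a whole-component prefix of
# the host path wins; that is the mount the kernel resolves the path through.
mount_mode() {
    printf '%s\n' "$MOUNT_TABLE" | awk -v target="$1$2" '
        {
            mp = $2; opts = $4
            if (mp == target || mp == "/" || index(target, mp "/") == 1) {
                if (length(mp) > best_len) { best_len = length(mp); best_opts = opts }
            }
        }
        END {
            if (best_opts ~ /(^|,)ro(,|$)/) print "ro"; else print "rw"
        }'
}

# audit_layout JAIL_ROOT PATH:EXPECTED [PATH:EXPECTED ...]
# Prints one line per path; returns 0 only if every path has the expected mode.
audit_layout() {
    root=$1; shift
    status=0
    for spec in "$@"; do
        path=${spec%%:*}; want=${spec#*:}
        got=$(mount_mode "$root" "$path")
        if [ "$got" = "$want" ]; then
            printf '%-16s %s\n' "$path" "$got"
        else
            printf '%-16s %s  (expected %s)\n' "$path" "$got" "$want"
            status=1
        fi
    done
    return $status
}

# Intended segregation from the thread: the template stays read-only, the
# spliced-in nullfs mounts (etc, tmp, var, usr/local) are writable.
audit_layout /usr/jail/f1 \
    /:ro /usr/bin:ro /etc:rw /tmp:rw /var/log:rw /usr/local/etc:rw
```

Run it on the host, not inside the jail: the point is that the host's mount table is the authoritative record of what is writable, whatever the jail's own `df` output suggests. Feeding it `mount -p` output for the real layout and listing the paths that must remain read-only (the template's binaries and libraries) turns the scheme's ambiguity into a check that fails loudly when a mount is missing or came up with the wrong options.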