Re: nullfs mount ignores readonly flag

[David Beck <dbeck@xxxxxxxxxxxxx>]

OK. Thanks for the advise.

[I know this should go to another newsgroup...]

The idea was to use nullfs for jail filesystems, so I don't need to 
duplicate files as many times as jails I have.

This had two advantages to my opinion:
   - the jail would share system executables on a readonly filesystem, 
so system upgardes would be easier.
   - also I thought that this would increase the level of security in 
jails.

If not nullfs would you recommend NFS in a similar setup? Do you see an 
other solution that works better?

Thank you very much,

   David.


Simon 'corecode' Schubert wrote:

> David Beck wrote:
>
> > Would that fix mean that the no-setuid, no-exec and other flags will 
> > work as well?
> >
> > Regards, David.
> >
> >
> > Matthew Dillon wrote:
> >
> > >    I expect there will be things that need working on.  That's one of
> > >    them.  Hmm.  We will probably have to hold the namecache entry for
> > >    normal files and use the namecache's mount point to check for the
> > >    read-only filesystem status.  No biggy (we already do this for    
> > > directories to maintain the CD path), but it may take a few days to
> > >    fix.
>
> Talking of nullfs:  I'd strongly advise not to use it in its current 
> state in production.  There are many things that need to be resolved 
> first.  See my post on kernel@
>
> cheers
>   simon