Re: nullfs mount ignores readonly flag

[Oliver Fromme <check+isu2oi00rsa902br@xxxxxxxxxx>]

David Beck <dbeck@xxxxxxxxxxxxx> wrote:
 > The idea was to use nullfs for jail filesystems, so I don't need to 
 > duplicate files as many times as jails I have.
 > 
 > This had two advantages to my opinion:
 >    - the jail would share system executables on a readonly filesystem, 
 > so system upgardes would be easier.
 >    - also I thought that this would increase the level of security in 
 > jails.
 > 
 > If not nullfs would you recommend NFS in a similar setup? Do you see an 
 > other solution that works better?

Personally, I use NFS loopback union mounts (read-only) for
the very same thing (i.e. multiple jails).  Note that, by
saying "union mounts" I mean the -o union flag of the mount
command, *not* UNIONFS which I'd rather avoid.  The -o union
flag serves a similar purpose and is rock stable.  It's a
bit less flexible than UNIONFS because it merges only the
contents of the root directory of the file system mounted,
but that's usually sufficient (with the help of a few sym-
links).

The performance of loopback NFS is very good.  I was afraid
that the NFS overhead would kill the machine, but it turned
out not to be an issue.

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd

Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.