On 6/1/06, Robert Watson <rwatson_at_freebsd.org> wrote:
> On Wed, 31 May 2006, André Braga wrote:
[snip]
> > I also have this feeling that ACLs also aren't respected inside
> > jails or can be overwritten as easily as shown below
>
> By "ACLs also aren't respected inside jails", do you mean, "ACLs don't work in
> jail", or do you mean, "ACLs don't work with unionfs"? They are believed
> firmly to work with jail, and if you have evidence to the contrary, a PR
> pointer would be greatly appreciated so it can be investigated.

s/"jails"/"unionfs with the -b option". Sorry.

I intended to use unionfs to keep a single "pristine" tree with nothing but what installworld/distribution puts in there, and then layer several other mountpoints on top of it to handle several jails, each to every service my server would offer: web, mail, database, RADIUS, LDAP and users' home directories. This works best by mounting the pristine tree *below* those mountpoints.

However, as demonstrated by the test case in my previous message, more sophisticated access control mechanisms, like immutable flags, are not handled by the patchset as per the -p11 version (and I still don't know whether this behaviour was fixed in subsequent patches up to -p13. Would someone enlighten me?). This is why I mentioned that ACLs are probably not correctly handled by "unionfs with the mount below option" either.

This has nothing to do with jails per se, but with unionfs. Sorry if I alarmed anyone :)

Received on Fri Jun 02 2006 - 03:26:59 UTC