Re: [ANN] unionfs patchset-13 release

From: André Braga <meianoite_at_gmail.com>
Date: Fri, 2 Jun 2006 02:26:55 -0300
On 6/1/06, Robert Watson <rwatson_at_freebsd.org> wrote:
> On Wed, 31 May 2006, André Braga wrote:
[snip]
> > I also have this feeling that ACLs also aren't respected inside
> > jails or can be overwritten as easily as shown below
>
> By "ACLs also aren't respected inside jails", do you mean, "ACLs don't work in
> jail", or do you mean, "ACLs don't work with unionfs"?  They are believed
> firmly to work with jail, and if you have evidence to the contrary, a PR
> pointer would be greatly appreciated so it can be investigated.

s/"jails"/"unionfs with the -b option". Sorry.

I intended to use unionfs to keep a single "pristine" tree with
nothing but what installword/distribution puts in there, and then
layer several other mountpoints on top of it to handle several jails,
each to every service my server would offer: web, mail, database,
RADIUS, LDAP and user's home directories. This works best by mounting
the pristine tree *below* those mountpoints. However, as demonstrated
by the test case on my previous message, more sophisticated access
control mechanisms, like immutable flags, are not handled by the
patchset as per the -p11 version (and I still don't know whether this
behaviour was fixed on subsequent patches up to -p13. Would someone
enlighten me?). This is why I mentioned that ACLs are probably not
correctly handled by "unionfs with the mount below option" either.

This has nothing to do with jails per se, but to unionfs. Sorry if I
alarmed anyone :)
Received on Fri Jun 02 2006 - 03:26:59 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:56 UTC