Ed Schouten wrote:
> Bernd Walter wrote:
> > E.g. hardlink system binaries over multiple jails flagged immutable.
> > No jail can compromise the data in other jails, while still allowing
> > the kernel to share memory pages for it.
>
> There are nicer ways to do that as far as I know. Just read-only
> nullmount some kind of base install to another directory.

Memory pages are not shared across different mounts, including
nullmounts (AFAIK), which was Bernd's point. So Bernd's solution
is much better in terms of memory usage, which is significant if
you run a large number of jails.

Best regards
   Oliver

--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Registergericht Muenchen, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Registergericht
München, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more: http://www.secnetix.de/bsd

"If you aim the gun at your foot and pull the trigger, it's
UNIX's job to ensure reliable delivery of the bullet to where
you aimed the gun (in this case, Mr. Foot)."
        -- Terry Lambert, FreeBSD-hackers mailing list.

Received on Thu Apr 12 2007 - 10:38:40 UTC
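
An added example, not part of the original message: a Python audit of the hardlink layout Bernd describes, reporting per jail whether each file shares the base inode (so its pages can be shared) and whether it carries the system-immutable flag. The function names, directory names and sample file are constructed for illustration.

```python
import os
import shutil
import stat
import tempfile

def audit_jail_links(base, jail_roots):
    """Classify each regular file under base against the same path in every jail.

    "ok"       same inode as base and system-immutable (schg) flag set
    "writable" same inode as base, but a jail's root could still modify it
    "copy"     separate inode, so no page sharing with base
    "missing"  path absent from the jail
    """
    findings = []
    for dirpath, _dirs, files in os.walk(base):
        for name in files:
            src = os.path.join(dirpath, name)
            s = os.lstat(src)
            if not stat.S_ISREG(s.st_mode):
                continue  # skip symlinks and special files
            rel = os.path.relpath(src, base)
            for root in jail_roots:
                try:
                    d = os.lstat(os.path.join(root, rel))
                except FileNotFoundError:
                    findings.append((root, rel, "missing"))
                    continue
                if (d.st_dev, d.st_ino) != (s.st_dev, s.st_ino):
                    status = "copy"
                # st_flags exists only on BSD-style systems; treat absence as unset
                elif getattr(d, "st_flags", 0) & stat.SF_IMMUTABLE:
                    status = "ok"
                else:
                    status = "writable"
                findings.append((root, rel, status))
    return findings

def demo():
    """Constructed layout: j1 hardlinks the base file, j2 copies it, j3 lacks it."""
    with tempfile.TemporaryDirectory() as top:
        base, j1, j2, j3 = (os.path.join(top, n) for n in ("base", "j1", "j2", "j3"))
        for d in (base, j1, j2, j3):
            os.makedirs(os.path.join(d, "bin"))
        with open(os.path.join(base, "bin", "sh"), "w") as f:
            f.write("constructed sample\n")
        os.link(os.path.join(base, "bin", "sh"), os.path.join(j1, "bin", "sh"))
        shutil.copy(os.path.join(base, "bin", "sh"), os.path.join(j2, "bin", "sh"))
        return {os.path.basename(r): s for r, _rel, s in audit_jail_links(base, [j1, j2, j3])}

if __name__ == "__main__":
    print(demo())
```

In the constructed layout the hardlinked file is reported as "writable" because nothing has set the immutable flag on it; a "writable" finding is the case where one jail could change data seen by the others.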