Re: ZFS to support chflags?

From: Bernd Walter <ticso_at_cicely12.cicely.de>
Date: Thu, 12 Apr 2007 15:49:09 +0200
On Thu, Apr 12, 2007 at 03:55:24PM +0300, Kostik Belousov wrote:
> On Thu, Apr 12, 2007 at 02:38:33PM +0200, Oliver Fromme wrote:
> > Ed Schouten wrote:
> >  > Bernd Walter wrote:
> >  > > E.g. hardlink system binaries over multiple jails flaged immuteable.
> >  > > No jail can compromise the data in other jails, while still allowing
> >  > > the kernel to share memory pages for it.
> >  > 
> >  > There are nicer ways to do that as far as I know. Just read-only
> >  > nullmount some kind of base install to another directory.
> > 
> > Memory pages are not shared across different mounts,
> > including nullmounts (AFAIK), which was Bernd's point.
> > So Bernd's solution is much better in terms of memory
> > usage, which is significant if you run a large number
> > of jails.
> 
> Pages are shared for file mmaped from different null mounts.

I wasn't aware of this - that's good.
But there are still other interesting benefits of extended flags in
jails, such as append-only for logfiles, etc...
Unlike the old securelevel mechanism the files can still be rotated
outside the jails.

-- 
B.Walter                http://www.bwct.de      http://www.fizon.de
bernd_at_bwct.de           info_at_bwct.de            support_at_fizon.de
Received on Thu Apr 12 2007 - 11:49:20 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:08 UTC