On Thu, 12 Apr 2007, Oliver Fromme wrote: > Ed Schouten wrote: > > Bernd Walter wrote: > > > E.g. hardlink system binaries over multiple jails flaged immuteable. > > > No jail can compromise the data in other jails, while still allowing > > > the kernel to share memory pages for it. > > > > There are nicer ways to do that as far as I know. Just read-only nullmount > > some kind of base install to another directory. > > Memory pages are not shared across different mounts, including nullmounts > (AFAIK), which was Bernd's point. So Bernd's solution is much better in > terms of memory usage, which is significant if you run a large number of > jails. This is a slightly vague statement. To be a bit more specific: there is a significant memory overhead to running nullfs, as all base file system vnodes have shadow vnodes. However, the VM objects, and hence file cache, are shared across the layers. If you mmap at one layer, you're getting the same pages as the underlying layer, for example. Robert N M Watson Computer Laboratory University of CambridgeReceived on Thu Apr 12 2007 - 12:47:39 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:08 UTC