On 6/1/06, Robert Watson <[EMAIL PROTECTED]> wrote:
> On Wed, 31 May 2006, André Braga wrote:
> [snip]
>> I also have this feeling that ACLs also aren't respected inside
>> jails or can be overwritten as easily as shown below
>
> By "ACLs also aren't respected inside jails", do you mean, "ACLs don't work in
> jail", or do you mean, "ACLs don't work with unionfs"?  They are believed
> firmly to work with jail, and if you have evidence to the contrary, a PR
> pointer would be greatly appreciated so it can be investigated.

s/"jails"/"unionfs with the -b option". Sorry.

I intended to use unionfs to keep a single "pristine" tree with
nothing but what installworld/distribution puts in there, and then
layer several other mountpoints on top of it to handle several jails,
one for each service my server would offer: web, mail, database,
RADIUS, LDAP and users' home directories. This works best by mounting
the pristine tree *below* those mountpoints. However, as demonstrated
by the test case in my previous message, more sophisticated access
control mechanisms, like immutable flags, are not handled by the
patchset as per the -p11 version (and I still don't know whether this
behaviour was fixed on subsequent patches up to -p13. Would someone
enlighten me?). This is why I mentioned that ACLs are probably not
correctly handled by "unionfs with the mount below option" either.

This has nothing to do with jails per se, but with unionfs. Sorry if I
alarmed anyone :)
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers