Mounting directory via nullfs when RW part mounted above RO from one filesystem is insecure for RO location, because it allows you to edit a file by hardlink on RO place, due to the fact that the files have one inode.
For example (by root user): % mkdir /usr/chroot % bsdinstall jail /usr/chroot % mount_nullfs -oro /bin /usr/chroot/bin % mkdir /rw % mount_nullfs /rw /usr/chroot/root % chroot /usr/chroot % touch /bin/date touch: /bin/date: Read-only file system % cd ~ % ln /bin/date % ls -i /bin/date /root/date 58182 /bin/date 58182 /root/date (open /root/date in vi editor and change something) % vi date dd :wq! (logout from chroot) % exit (now /bin/date is corrupted) % /bin/date /bin/date: Exec format error. Binary file not executable. Such scheme when the RW data is overlaid above RO data is popular for jail hosting and described in Handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-application.html Perhaps it is worth mentioning in the article about the need to separate base to cross-device storage or place it on a read-only system. _______________________________________________ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
