Rob wrote:
I'm trying to figure out the best layout for multiple jails.
I'd like to share binaries across jails - patches and packages only need
to be installed once, and it saves a lot of space. So these directories
would be shared and read-only: [...]
You can also use mount_unionfs with option -b. For instance you have a
template jail, let's say in /usr/jail/template, and a jail in
/usr/jail/myjail. You can mount now the template to the jail directory
mount_unionfs -b /usr/jail/template /usr/jail/myjail
It's not read-only. Now you have all files of the template in myjail and
you can even overwrite or delete them if you like, the template remains
untouched.
unionfs treats the mounted directory and the mount point as two layers.
An upper layer where all changes are stored and a lower layer which is
not writable through the upper layer. The option -b invert the position
of these layers.
I make some practical examples:
If you access the myjail directory then you can imagine that you look
from top onto the upper layer and in some cases you look through the
upper layer to the lower layer.
(1) (2) (3)
| | |
+-------|----------|--------------|--------+
| upper layer: /usr/jail/myjail | |
| | | | |
| | V X |
| | /etc/rc.conf |
+-------|----------------------------------+
| lower layer: /usr/jail/template |
| | |
| V |
| /bin/sh /etc/rc.conf /usr/bin/gcc |
+------------------------------------------+
(1) /bin/sh exists in the template, but not in myjail. You'll access the
file of the lower layer.
(2) At first /etc/rc.conf exists in the template only. Then you deceide
that you want to make some changes to the file and you save it. It's
stored in the upper layer and from now you access your changed file
only. The file exists in two different versions in both layers.
(3) You don't need /usr/bin/gcc in your jail? Just delete it. The
template remains untouched, but you can't access it now anymore; even
not if you remount your unionfs.
Please test the use of unionfs copiously. Read the manpage
mount_unionfs(8), especially the BUGS section. I know some users which
never had problems with unionfs and jails, but you should be careful
with it nevertheless.
Regards
Björn
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
