On Fri, Dec 2, 2022 at 2:03 AM Olivier Certner <olivier.free...@free.fr> wrote:
> Hi,
>
> > (snip)
> >
> > #2 - Require separate file systems and run mountd inside the jail(s).
> >
> > I think that allowing both alternatives would be too confusing
> > and it seems that most want mountd to run within the jail(s).
> > As such, unless others prefer #1, I think #2 is the way to go.
>
> Just to be sure I've understood correctly: You plan to make a separate
> filesystem as jail's root a requirement but only in the case of using
> mountd(8) in the jail? Or in general?
>
Certainly not in general. Current plan is for the case of mountd/nfsd.
To enforce it for cases where mountd/nfsd is not being run would definitely
be a POLA violation.

rick

>
> While I think doing so in the NFSv4/mountd case is indeed a good idea, I don't
> think enforcing it in general is. It would generally degrade the multiple
> jails management experience on UFS (in the absence of a volume manager), where
> all jails have roots in the same filesystem (to avoid allocating/deallocating
> space as jails come and go or must be resized).
>
> Regards.
>
> --
> Olivier Certner