"chroot" + "mount --bind" + "ln" _or_ "chroot" + "cp -a"?
Hi,
I'm setting up a chrooted apache. All howtos I found
_copy_ the required files into the directory that they
later chroot into.
Is it OK (read: safe) to use hardlinks and
"mount --bind" instead?
For example, before doing
# chroot /usr/chroot/apache /usr/sbin/apachectl start
I'd like to set up /usr/chroot/apache like this
(/etc and /var are different partitions)
# ln /etc/mime.types /etc/_chroot/apache/mime.types
# <hardlink a few other files in /etc...>
# mount --bind /etc/apache \
/etc/_chroot/apache/apache
# mount --bind /etc/_chroot/apache \
/usr/chroot/apache/etc
# mount --bind /usr/lib/apache/1.3 \
/usr/chroot/apache/usr/lib/apache/1.3
# mount --bind /var/log/apache \
/usr/chroot/apache/var/log/apache
# ...
to /usr/chroot/apache/var.
The files in /usr/chroot/apache/usr could be hardlinked
directly.
This would save some disk space, add file consistency
and allow for use of read-write and read-only mounted
partitions - without dedicating the partitions solely
for apache.
Cheers,
Jarno
P.S.: It's a pity that the syslogd socket is located
at /dev/log and not in its own directory. A hardlink to
/dev/log would have to be recreated after restarting
syslogd. Mount-binding the whole /dev directory into
the jail isn't fun either.
/dev# ln log log2
/dev# ls -i1 log log2
26321 log
26321 log2
/dev# /etc/init.d/sysklogd restart
Stopping system log daemon: syslogd.
Starting system log daemon: syslogd.
/dev# ls -i1 log log2
28090 log
26321 log2
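
Added example, not part of the original post: the P.S. shows that a hard link keeps pointing at the old inode once the source file is removed and recreated, so a jail built from hard links can silently go stale. The sketch below checks link pairs for that condition; the function names and the "SRC DST" list format are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes a shell whose test
# builtin supports -ef (bash, dash, ksh, busybox sh).

# check_link SRC DST
#   0 = DST is still the same file (device + inode) as SRC
#   1 = both exist but are different files: the hard link is stale
#   2 = SRC or DST is missing
check_link() {
    src=$1
    dst=$2
    for f in "$src" "$dst"; do
        if [ ! -e "$f" ]; then
            echo "MISSING $f"
            return 2
        fi
    done
    if [ "$src" -ef "$dst" ]; then
        echo "OK      $dst"
        return 0
    fi
    echo "STALE   $dst is no longer the same file as $src"
    return 1
}

# audit_jail: read "SRC DST" pairs from stdin (one per line, '#' starts a
# comment line) and return 0 only if every pair is still linked.
audit_jail() {
    rc=0
    while read -r src dst; do
        case $src in
            ''|'#'*) continue ;;
        esac
        check_link "$src" "$dst" || rc=1
    done
    return "$rc"
}

# Usage with the paths from the post:
#   printf '%s\n' '/etc/mime.types /etc/_chroot/apache/mime.types' \
#                 '/dev/log /dev/log2' | audit_jail
```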