On Thu, Feb 03, 2005 at 03:24:40PM +0000, Oliver Fromme wrote: > The latter introduces a sysctl variable to control the > behaviour (it has three possible settings). They change > statfs(), fstatfs() and getfsstat(). The (commited) patch implements the "include all for the jail relevant filesystems". This slightly differs from your patch in that it always includes the directory the jail root is in. This patch also applies to chroot'd processes, since I believe the same information hiding is wanted. I explicitly kept the support for fstatfs on a descriptor opened before chrooting, since support for disk space checks might be wanted. The root directory is mapped to / in this case though. > The main problem that I had to solve is the fact that > some tools (notably ls(1)) don't like it if no mounts > are visible at all, which can be the case when there are > no mounts at or below the jail chroot. My second PR > solves that by providing a special sysctl setting that > will display only a faked root mount for all jails. I'd solved this by explicitly working the namespace topology from the fd_nrdir up until I hit a mount point. In FreeBSD it could be done by iterating over the mount points until the mount point matches the vnode of the root. But this might be problematic with stackable filesystems. > I don't know if any of this applies to DragonFly and your > (Joerg's) patch, but I thought I might share my experience > anyway. To summarize I did implement something similiar to the original patch without the short comings of the static mount points. I consider the fake root a bad idea. But it's nice to see someone else has done something similiar already :) Joerg