What kind of problems should I expect from multiple jails mounting a directory with nullfs

I had some issues with this in the past, so before taking another try at it I thought I'd ask here to try to head off any problems before they occur. I unfortunately don't remember much about what the problem actually was, so I'll just explain the setup and hopefully the problem (and solution) is obvious. The problem I had was something to do with permissions that kept messing up, but that's all I recall.

Take a FreeBSD host with a certain directory on a zpool. say /data/jailshare.
Then, three jails are created on the host, each for running an individual service, and mount_nullfs is used to mount /data/jailshare inside each of these three jails. The running services each require access to the files inside /data/jailshare, and may interact with any of them at any time, to include deletion, modification, or creation of new files.

1. Does nullfs include any kind of protection to keep things from falling apart here? I can imagine all kinds of corruption potentially occurring when two jails try to do something with the same file.

2. It's hard to explain this one. The permissions, including ownership and group ownership, of the files needs to remain unchanged for the services to correctly work. The relevant users in the jail mirror those on the host, including username, uid and primary gid and such. Will the files appear to have correct ownership from within each jail and the host?

3. Is there anything that can be done to avoid potential problems that would result from the setup above? The host and each jail needs to be able to have full access to /data/jailshare and all the files within, and as long as that requirement is satisfied nearly any alternate solution would be considered, even if it's something other than nullfs.
 
1) No. If two processes open a file simultaniously you will have data loss. It's the job of the program to prevent this (i.e. with flock(2) or a simple lockfile).

2) The ownership in terms of uid, gid and permissions will always be the same in all jails and the host system. You have to take care that the username in every jail matches the correct uid.

3) None that I can think of. As long as you get your file access straight ;)
 
Back
Top