From nobody Tue Dec 31 16:16:23 2024
X-Original-To: freebsd-jail@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YMylG1N7Sz5jhMD
	for <freebsd-jail@mlmmj.nyi.freebsd.org>; Tue, 31 Dec 2024 16:16:26 +0000 (UTC)
	(envelope-from jhfoo@kungfoo.info)
Received: from kovan.kungfoo.info (vps-d143d178.vps.ovh.ca [51.79.144.36])
	by mx1.freebsd.org (Postfix) with ESMTP id 4YMylD56syz4Tcw
	for <freebsd-jail@freebsd.org>; Tue, 31 Dec 2024 16:16:24 +0000 (UTC)
	(envelope-from jhfoo@kungfoo.info)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=neutral (mx1.freebsd.org: 51.79.144.36 is neither permitted nor denied by domain of jhfoo@kungfoo.info) smtp.mailfrom=jhfoo@kungfoo.info;
	dmarc=none
Received: from [192.168.108.89] (unknown [192.168.130.87])
	by kovan.kungfoo.info (Postfix) with ESMTP id 2C0F6D97E
	for <freebsd-jail@freebsd.org>; Tue, 31 Dec 2024 23:16:23 +0700 (+07)
Message-ID: <9efebe67-e4e4-4919-bfdf-b7e29f4f0079@kungfoo.info>
Date: Tue, 31 Dec 2024 23:16:23 +0700
List-Id: Discussion about FreeBSD jail(8) <freebsd-jail.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-jail
List-Help: <mailto:freebsd-jail+help@freebsd.org>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Subscribe: <mailto:freebsd-jail+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-jail+unsubscribe@freebsd.org>
Sender: owner-freebsd-jail@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: freebsd-jail@freebsd.org
Content-Language: en-US
From: JH Foo <jhfoo@kungfoo.info>
Subject: jail services in podman
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spamd-Result: default: False [-2.74 / 15.00];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-0.85)[-0.846];
	RCVD_NO_TLS_LAST(0.10)[];
	MIME_GOOD(-0.10)[text/plain];
	ONCE_RECEIVED(0.10)[];
	XM_UA_NO_VERSION(0.01)[];
	RCPT_COUNT_ONE(0.00)[1];
	MIME_TRACE(0.00)[0:+];
	ASN(0.00)[asn:16276, ipnet:51.79.128.0/17, country:FR];
	R_SPF_NEUTRAL(0.00)[?all];
	RCVD_COUNT_ONE(0.00)[1];
	FROM_HAS_DN(0.00)[];
	R_DKIM_NA(0.00)[];
	MLMMJ_DEST(0.00)[freebsd-jail@freebsd.org];
	TO_DN_NONE(0.00)[];
	FROM_EQ_ENVFROM(0.00)[];
	MID_RHS_MATCH_FROM(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	DMARC_NA(0.00)[kungfoo.info];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-jail@freebsd.org];
	ARC_NA(0.00)[]
X-Rspamd-Queue-Id: 4YMylD56syz4Tcw
X-Spamd-Bar: --

Not sure if this is a jail or podman thing: I'm learning about running 
apps in Podman, and the recommendation seems to be to include a CMD in 
Containerfile/Dockerfile. When the binary called by the CMD ends, the 
jail is stopped. In the example 
(https://gitlab.com/bergblume/podman-caddy-on-freebsd/-/blob/master/caddy.yml?ref_type=heads), 
Caddy is run daemonless using this technique.

My question is: in the world of sidecars is this still the right way to 
execute long-running (e.g. API) services? I'm using Bastille now and I 
set up Caddy (for example) as a service in /etc/rc.conf. Is this 
considered anti-pattern in Podman/OCI containers?