Date: Tue, 20 May 2008 14:25:10 +0200 From: "Frank Behrens" <frank@harz.behrens.de> To: freebsd-java@freebsd.org Subject: Re: JDK minimum chroot environment Message-ID: <200805201225.m4KCPBF1099241@post.frank-behrens.de> In-Reply-To: <200805201116.m4KBGcsQ054861@lurza.secnetix.de> References: <200805201116.m4KBGcsQ054861@lurza.secnetix.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Oliver Fromme wrote: > I would like to create a chroot environment which will > contain JDK 1.6 and a Tomcat-based application. The > base system within the chroot (FreeBSD/amd64 7-stable) > should be as small as possible. I had this in the past with JDK1.4 and FreeBSD-5/6 in a jail. It was a minimal system, I copied only the required libraries into the jail (dependent from ldd output). I can not guarantee that my following statements are still true for current systems. Please note that I used i386 and your amd64 may have other libraries. > My current plan is to remove these things: > - /rescue Of course. > - /usr/share except for /usr/share/misc/termcap.db I had only /usr/share/zoneinfo > - /usr/include not used > - /lib/*.a and /usr/lib/*.a (static libraries) Yes. > - compiler toolchain (gcc, cpp, ld, everything related). Yes. > - /sbin and /usr/sbin /sbin/ldconfig may be necessary in /usr/sbin I had daemon and nologin in /bin I had only cat* csh* date* kill* mv* rm* sh* > - /usr/libexec removed I had only /libexec/ld-elf.so.1 > Will the JDK still work reliably without the above things? I had it working for some time. The only difficult thing was the update of binaries on OS updates. A full jail (ezjail) is easier to handle. > In particular, does it need any parts of the compiler tool > chain (e.g. the linker or anything)? No. Regards, Frank -- Frank Behrens, Osterwieck, Germany PGP-key 0x5B7C47ED on public servers available.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200805201225.m4KCPBF1099241>