From: "Frank Behrens"
To: freebsd-java@freebsd.org
Date: Tue, 20 May 2008 14:25:10 +0200
Subject: Re: JDK minimum chroot environment
List-Id: Porting Java to FreeBSD

Oliver Fromme wrote:
> I would like to create a chroot environment which will
> contain JDK 1.6 and a Tomcat-based application. The
> base system within the chroot (FreeBSD/amd64 7-stable)
> should be as small as possible.

I had this in the past with JDK1.4 and FreeBSD-5/6 in a jail. It was a
minimal system, I copied only the required libraries into the jail
(depending on ldd output). I cannot guarantee that my following
statements are still true for current systems. Please note that I used
i386 and your amd64 may have other libraries.

> My current plan is to remove these things:
> - /rescue

Of course.

> - /usr/share except for /usr/share/misc/termcap.db

I had only /usr/share/zoneinfo

> - /usr/include

not used

> - /lib/*.a and /usr/lib/*.a (static libraries)

Yes.

> - compiler toolchain (gcc, cpp, ld, everything related).

Yes.

> - /sbin and /usr/sbin

/sbin/ldconfig may be necessary
in /usr/sbin I had daemon and nologin
in /bin I had only cat* csh* date* kill* mv* rm* sh*

> - /usr/libexec

removed
I had only /libexec/ld-elf.so.1

> Will the JDK still work reliably without the above things?

I had it working for some time. The only difficult thing was the update
of binaries on OS updates. A full jail (ezjail) is easier to handle.

> In particular, does it need any parts of the compiler tool
> chain (e.g. the linker or anything)?

No.

Regards,
   Frank
-- 
Frank Behrens, Osterwieck, Germany
PGP-key 0x5B7C47ED on public servers available.
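
The approach described in the reply above (copy only the libraries that ldd reports, plus /libexec/ld-elf.so.1) can be scripted as follows. This is an added example, not part of the original message; the function names, the sample ldd output and the JDK paths are constructed for illustration.

```sh
#!/bin/sh
# Added example: turn ldd output into the library list for a minimal chroot.

# Constructed FreeBSD-style ldd output; paths and versions are illustrative.
sample_ldd_output() {
cat <<'EOF'
/usr/local/jdk1.6.0/bin/java:
    libz.so.4 => /lib/libz.so.4 (0x800638000)
    libthr.so.3 => /lib/libthr.so.3 (0x80074d000)
    libc.so.7 => /lib/libc.so.7 (0x800866000)
/usr/local/jdk1.6.0/jre/lib/amd64/libjava.so:
    libc.so.7 => /lib/libc.so.7 (0x800866000)
    libmissing.so.1 => not found (0x0)
EOF
}

# stdin: ldd output. stdout: each resolved absolute library path, once.
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// && !seen[$3]++ { print $3 }'
}

# stdin: ldd output. stdout: names ldd could not resolve. These would fail
# at run time inside the chroot, so report them instead of dropping them.
ldd_unresolved() {
    awk '$2 == "=>" && $3 == "not" && !seen[$1]++ { print $1 }'
}

# stdin: absolute paths. Copies each existing file under chroot root $1 at
# the same relative location; prints paths it could not find to stderr.
populate_chroot() {
    root=$1
    while IFS= read -r lib; do
        if [ ! -f "$lib" ]; then
            echo "absent on this host: $lib" >&2
            continue
        fi
        mkdir -p "$root$(dirname "$lib")"
        cp -p "$lib" "$root$lib"
    done
}

# Demonstration on the constructed sample (no files are copied here).
sample_ldd_output | ldd_paths
# On a real host (assumed paths):
#   { ldd /path/to/java | ldd_paths; echo /libexec/ld-elf.so.1; } \
#       | populate_chroot /path/to/chroot
```

Re-running the same pipeline after an OS update refreshes the copied binaries, which is the maintenance step the reply calls difficult.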