Date: Sat, 29 Aug 2009 14:26:18 +0100
From: krad
To: Ruben de Groot, APseudoUtopia, freebsd-questions@freebsd.org
Subject: Re: Information on Setting up a Jailed Webserver

2009/8/28 Ruben de Groot

> On Thu, Aug 27, 2009 at 12:28:26PM -0400, APseudoUtopia typed:
> > Two more questions then I should be ready to go with my jail(s).
> >
> > In order to minimize the HDD space of the jail, can I add things in my
> > src.conf such as
> > WITHOUT_BOOT, WITHOUT_ACPI, WITHOUT_PF?
>
> Yes you can. Another option is to use read only nullfs mounts for e.g. /usr,
> /lib, /sbin, /bin to populate the jail. That will cost you no HDD space at all.
> The ezjail port, already mentioned, can more or less automate this.
>
> > I do use pf on the host system, but it isn't needed inside the jail as
> > well, correct?
>
> Rather, it's not possible to use inside a standard (non-vimage) jail. There's
> only one network stack.
>
> > Also, is it possible to compile a port (specifically nginx) inside the
> > host, then simply cp it into the jail and run it? I'd like to do this
> > to avoid installing a compiler into the jail itself.
>
> make package-recursive
>
> Ruben
>
> > Thanks again for the help.

I've not seen all this post so sorry if this has been mentioned before.
Apache has a module called mod_jail, that means (I'm pretty sure) you don't
have to build the full jail environment. I've not looked at it in detail but
it's probably worth looking at before you start hacking around with full jails.

http://www.freebsdsoftware.org/www/mod_jail.html
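
Added example, not part of the thread: with the nullfs layout Ruben describes, a system directory mounted into the jail without `ro` lets root inside the jail write to the host's own binaries, so this script checks a jail fstab for such entries. The jail path /jails/www, the fstab contents and the function names are constructed for illustration.

```shell
#!/bin/sh
# Audit a jail fstab: report host system directories that are null-mounted
# into the jail without the "ro" option.

# Constructed sample fstab for a jail rooted at /jails/www (hypothetical path).
# The /sbin entry is deliberately writable; the last entry is a data
# directory that is meant to be writable and must not be reported.
sample_fstab() {
cat <<'EOF'
# Device          Mountpoint          FStype  Options     Dump  Pass
/usr              /jails/www/usr      nullfs  ro          0     0
/lib              /jails/www/lib      nullfs  ro          0     0
/sbin             /jails/www/sbin     nullfs  rw          0     0
/bin              /jails/www/bin      nullfs  ro,noatime  0     0
/jails/www-data   /jails/www/var/www  nullfs  rw          0     0
EOF
}

# Usage: writable_system_mounts JAIL_ROOT < fstab
# Prints the mountpoint of every nullfs entry below JAIL_ROOT whose source
# is a host system directory and whose option list does not contain "ro".
writable_system_mounts() {
    awk -v root="$1" '
        $1 ~ /^#/ || NF < 4          { next }   # comments, short lines
        $3 != "nullfs"               { next }   # only null mounts
        index($2, root "/") != 1     { next }   # only mounts inside the jail
        $1 !~ /^\/(usr|lib|libexec|sbin|bin)$/ { next }
        {
            n = split($4, opts, ",")
            ro = 0
            for (i = 1; i <= n; i++)
                if (opts[i] == "ro") ro = 1
            if (!ro) print $2
        }'
}

# Prints /jails/www/sbin for the constructed sample above.
sample_fstab | writable_system_mounts /jails/www
```

On a real host, feed it the fstab file the jail is started with instead of the sample.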