Date: Tue, 20 May 2008 15:57:48 +0200 (CEST) From: Oliver Fromme <olli@lurza.secnetix.de> To: freebsd-java@FreeBSD.ORG, frank@harz.behrens.de Subject: Re: JDK minimum chroot environment Message-ID: <200805201357.m4KDvmwd061206@lurza.secnetix.de> In-Reply-To: <200805201225.m4KCPBF1099241@post.frank-behrens.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Frank Behrens wrote:
> Oliver Fromme wrote:
> > I would like to create a chroot environment which will
> > contain JDK 1.6 and a Tomcat-based application. The
> > base system within the chroot (FreeBSD/amd64 7-stable)
> > should be as small as possible.
>
> I had this in the past with JDK1.4 and FreeBSD-5/6 in a jail. It was
> a minimal system, I copied only the required libraries into the jail
> (dependent from ldd output).
Actually I would prefer to use a jail, too, but this
service needs to use several IP addresses, so I have
to use chroot instead of jail.
> I can not guarantee that my following statements are still true for
> current systems. Please note that I used i386 and your amd64 may have
> other libraries.
Thank you very much for your comments. They're very
helpful.
> > - /usr/share except for /usr/share/misc/termcap.db
(Note: I'd like to be able to open a shell prompt
within the chroot, that's why i keep the termcap.)
> I had only /usr/share/zoneinfo
Hm. Is it required? I think it will be sufficient
to have /etc/localtime for correct time zone information,
but I'm not 100% sure ... Maybe the JDK stuff does
strange things with the zoneinfo files?
> /sbin/ldconfig may be necessary
OK, I also keep /sbin/{md5,sha1,sha256}.
> in /usr/sbin I had daemon and nologin
OK, I also keep the pkg_* tools and a few other things.
> > Will the JDK still work reliably without the above things?
>
> I had it working for some time. The only difficult thing was the
> update of binaries on OS updates. A full jail (ezjail) is easier to
> handle.
Yes, I'm aware of that ... I hope OS updates within
the chroot don't have to happen often.
Thanks for your information!
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart
FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd
"I invented Ctrl-Alt-Delete, but Bill Gates made it famous."
-- David Bradley, original IBM PC design team
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200805201357.m4KDvmwd061206>