From nobody Sat Jan 4 00:16:44 2025 X-Original-To: freebsd-jail@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YQ1GX4qyJz5kcxw for ; Sat, 04 Jan 2025 00:17:08 +0000 (UTC) (envelope-from dch@skunkwerks.at) Received: from fhigh-a5-smtp.messagingengine.com (fhigh-a5-smtp.messagingengine.com [103.168.172.156]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4YQ1GX2hRbz4VC7 for ; Sat, 4 Jan 2025 00:17:08 +0000 (UTC) (envelope-from dch@skunkwerks.at) Authentication-Results: mx1.freebsd.org; none Received: from phl-compute-02.internal (phl-compute-02.phl.internal [10.202.2.42]) by mailfhigh.phl.internal (Postfix) with ESMTP id A83C611401B2; Fri, 3 Jan 2025 19:17:06 -0500 (EST) Received: from phl-imap-02 ([10.202.2.81]) by phl-compute-02.internal (MEProxy); Fri, 03 Jan 2025 19:17:06 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=skunkwerks.at; h=cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm3; t=1735949826; x=1736036226; bh=G4m6VHOwQgFn0Avd7Uw+ordcvMuMlf+10BLGPg2UTm8=; b= XkIRhTC561bqexXlbIc6c5DnZn3W0fzHbpteHnsdLUmGwtoe1lIlPryteZO6MgZI Zw2PQu4gpb/Kb0AZPSdVhgFq/4wEBt2tWPAgBbOLb12WZqh+USWo46S/2XsqrVcr XY2z5xh1E5qz7N6B5uBPep0Xe/qhnB/iJo+bHnjp1+M9V3FYN8TKQZIXXAW82hnL VzFEQ5wHPBmFLat29npTgevWURRKPpmuKIpPB15qtdstjcIkWTmlNX0YZFzYMUYh 2JzemaJ10iUKN1N/EIfzwB7wcRPvrNcQEBzwFs4N1d8nNZ9LLoU5fiEWy2iKCOXC 2MVE1N6VfeSiMKRuw7UQrA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; t=1735949826; x=1736036226; bh=G 4m6VHOwQgFn0Avd7Uw+ordcvMuMlf+10BLGPg2UTm8=; b=eZHnk1OZI5dMsHWM3 UrvyO/lcyIfe9+uOsGK9p1NKaqlupgj0LaRo3fRmF0J/DqPQguBTDlxlTQdw3Jv6 0uJGCgRSJkpoiWyXOcSeLttco/x1bpWWZw2sivyfDigPAatao1E9tkbUSBr49i8k lyqIbA6YkRabiTr7GXyZgKt6wCLQirgSl1mbuq9yIEMKYln1e/A2l8Q6icXE8yks IRH2ii4OPi2/Bn0CjSlnv4UOUCv875d7A82s/3zQeptrWAYnazYVa3w9CPI0eEvz kct8sLrU+dQ/lyhih4Se3p6W4Zij2lx7SxkE46cSVuABCUOOETQwkbU+/du4Urrz WwhZQ== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddrudefhedgudelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnh htshculddquddttddmnecujfgurhepofggfffhvffkjghfufgtgfesthejredtredttden ucfhrhhomhepfdffrghvvgcuvehothhtlhgvhhhusggvrhdfuceouggthhesshhkuhhnkh ifvghrkhhsrdgrtheqnecuggftrfgrthhtvghrnhepjedvjeelgeehvdfgtefhheeugeeu teduteeivdehhfelkeduveefuefgjeevueefnecuvehluhhsthgvrhfuihiivgeptdenuc frrghrrghmpehmrghilhhfrhhomhepuggthhesshhkuhhnkhifvghrkhhsrdgrthdpnhgs pghrtghpthhtohepvddpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepfhhrvggvsg hsugdqjhgrihhlsehfrhgvvggsshgurdhorhhgpdhrtghpthhtohepjhhhfhhooheskhhu nhhgfhhoohdrihhnfhho X-ME-Proxy: Feedback-ID: ic0e84090:Fastmail Received: by mailuser.phl.internal (Postfix, from userid 501) id 00918B0006A; Fri, 3 Jan 2025 19:17:05 -0500 (EST) X-Mailer: MessagingEngine.com Webmail Interface List-Id: Discussion about FreeBSD jail(8) List-Archive: https://lists.freebsd.org/archives/freebsd-jail List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-jail@FreeBSD.org MIME-Version: 1.0 Date: Sat, 04 Jan 2025 00:16:44 +0000 From: "Dave Cottlehuber" To: "JH Foo" , freebsd-jail Message-Id: <0bea1d7c-7cf7-4faa-9b19-7fcc93ecb333@app.fastmail.com> In-Reply-To: References: <9efebe67-e4e4-4919-bfdf-b7e29f4f0079@kungfoo.info> Subject: Re: jail services in podman Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4YQ1GX2hRbz4VC7 X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:151847, ipnet:103.168.172.0/24, country:AU] On Fri, 3 Jan 2025, at 19:42, JH Foo wrote: > Can you elaborate how CMD helps to determine (quote) minimal > dependencies are for each daemon or service? What happens if I were to If you run a normal startup with /etc/rc then that container will expect all the freebsd goodies - syslog, utx, cron, mailer, etc. It will be more familiar but also fatter. If you manually trim down the dependencies, *and* your application permits it, you can choose just to run your minimal app. It will require experimentation. > configure the container to run off jail /etc/rc.conf services? If you do that, no issues, *but* the container will exit as soon as rc.conf startup finished (as the ENTRYPOINT or CMD has completed). OCI containers are not the same as jails in this respect, by default. A+ Dave