From: "James B. Byrne"
To: "David Christensen"
Cc: freebsd-questions@freebsd.org
Reply-To: byrnejb@harte-lyne.ca
Date: Mon, 31 Aug 2020 13:18:06 -0400
Subject: Re: Jail question: packages with relative symlinks

On Fri, August 28, 2020 00:19, David Christensen wrote:
> On 2020-08-27 19:59, Valeri Galtsev wrote:
>> When I said in my OP "I set up jails by the book" I meant FreeBSD Handbook,
>> not any of printed books.
>
> Yes, I saw that.  Unfortunately, I have found the FreeBSD Handbook to be
> a mixed blessing -- some subjects are current and others are out of
> date.  Same comment for man pages.  af3e and fmjail are both recent.  If
> and when FreeBSD revises jails, I may have to find a new resource.
>

If you are using ZFS on FreeBSD then IOCage is about as straightforward a
means of setting up jails as you are going to find.  If you are not using
ZFS then IOCage is not an option.

The man page for IOCage is as complete as any I have encountered.  For that
matter, so is the man page for jails.  The advantage of IOCage is that it
simplifies the user command line and infers the necessary options when
maintaining a jail.  This makes jails a more accessible option for sys
admins with limited knowledge on the subject.

IOCage setup of a jail on FreeBSD goes something like this:

    pkg search iocage
    pkg install py3?-iocage   # py prefix will vary over time
    iocage activate zroot     # zroot is the zfs pool name used - may be different

    # ip4_addr: replace em0 with the host i/f
    # assign_localhost: provide lo0 address if YES
    # localhost_ip: not needed if localhost = NO
    # allow_raw_sockets: needed for ping
    # boot: for start on boot set to YES
    iocage create --thickjail --release latest \
      --name jailname \
      ip4_addr="em0|192.168.216.88" \
      host_hostname="jailname.example.com" \
      assign_localhost="YES" \
      localhost_ip="127.0.88.1" \
      allow_raw_sockets="YES" \
      allow_sysvipc="YES" \
      boot="NO"

Jails will use the settings in the host's resolv.conf unless explicitly set
as follows.  Changes made to resolv.conf in the jail will not survive a
restart.

    resolver="search hamilton.harte-lyne.ca harte-lyne.ca;nameserver 216.185.71.33;nameserver 216.185.71.34;options edns0 timeout:3 attempts:3"

You need to review the contents of the jail's /etc/hosts and make sure that
the localhost settings are exactly as you expect.

You start the jail with

    iocage start jailname

You obtain access using

    iocage console jailname

The root filesystem is located at

    /zroot/iocage/jails/jailname/root/

The jail's root user directory is:

    /zroot/iocage/jails/jailname/root/root/

The jail's console log is

    /zroot/iocage/log/jailname-console.log

An iocage jail has two zfs datasets:

    zroot/iocage/jails/jailname

and

    zroot/iocage/jails/jailname/root

And that should be it.
Updating iocage jails is covered more than adequately in the man pages.

-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
   Unencrypted messages have no legal claim to privacy
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
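
The message above asks for a review of the localhost entries in the jail's /etc/hosts. The following is an added example, not part of the original message, of one way to script that review from the host. The function name check_localhost is hypothetical, the expected address is whatever you intend (127.0.88.1 here, the localhost_ip value from the message), and the sample hosts file is constructed.

```shell
#!/bin/sh
# Added example: audit the IPv4 "localhost" entries of a jail's hosts file.
#
# check_localhost HOSTS_FILE EXPECTED_IP
#   exit 0  at least one IPv4 line names "localhost" and all of them
#           use EXPECTED_IP
#   exit 1  a localhost line uses another address (each one is printed),
#           or no IPv4 localhost line exists at all
check_localhost() {
    awk -v want="$2" '
        { sub(/#.*/, "") }               # strip trailing comments
        NF < 2 || $1 ~ /:/ { next }      # skip blank lines and IPv6 entries
        {
            for (i = 2; i <= NF; i++) {
                if ($i == "localhost") {
                    seen = 1
                    if ($1 != want) {
                        printf "line %d: localhost -> %s (expected %s)\n", NR, $1, want
                        bad = 1
                    }
                }
            }
        }
        END { exit (bad || !seen) }
    ' "$1"
}

# Constructed sample: a hosts file still at the stock loopback address.
sample=$(mktemp)
printf '%s\n' \
    '::1        localhost localhost.example.com' \
    '127.0.0.1  localhost localhost.example.com' > "$sample"
check_localhost "$sample" 127.0.88.1 || echo "localhost entries need review"
rm -f "$sample"
```

For the jail in the message, run it from the host as `check_localhost /zroot/iocage/jails/jailname/root/etc/hosts 127.0.88.1`.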