From: Warren Block
To: freebsd-jail@FreeBSD.org
Date: Tue, 29 Jul 2014 15:44:44 -0600 (MDT)
Subject: ezjail and mergemaster

This is tangential to my earlier changes to mergemaster.

I'm working on an ezjail addition for the Handbook. The update section shows both source and binary updates. For source, ezjail-admin update -b on the host does a buildworld;installworld on the basejail. For binary, ezjail-admin update -r on the host uses freebsd-update to update the basejail.

mergemaster is used after either on a real machine. By default, the ezjail basejail does not even have a copy of the source, making running mergemaster from inside the jail a bit difficult.

What process for running mergemaster should I suggest? Maybe different ones for trusted and untrusted jails?

The host can update trusted jails:

    mergemaster -U -D /usr/jails/jailname

(It might not be safe to consider any jail "trusted".)

The untrusted procedure is a lot fuzzier to me. Mount /usr/src on the basejail, then only run mergemaster from inside the jails?

Is there a good way? Or a standard way? As with other things for the Handbook, we should be showing best practices. What is the best practice for mergemaster on any random jail, trying to conserve disk space as much as is safely possible?