Date: Sat, 04 Jan 2025 18:21:18 +0100
From: Stephan Lichtenauer <sl-pub-lists@honeyguide.de>
To: "Dave Cottlehuber" <dch@skunkwerks.at>, "JH Foo" <jhfoo@kungfoo.info>, freebsd-jail <freebsd-jail@freebsd.org>
Subject: Re: jail services in podman
Message-ID: <86v7uuijg1.fsf@pcf00002.honeyguide.net>
In-Reply-To: <0bea1d7c-7cf7-4faa-9b19-7fcc93ecb333@app.fastmail.com> (Dave Cottlehuber's message of "Sat, 04 Jan 2025 00:16:44 +0000")
References: <9efebe67-e4e4-4919-bfdf-b7e29f4f0079@kungfoo.info> <b8abb79e-f552-41c0-9832-cc90687b804c@app.fastmail.com> <d64da8bd-e276-4287-9a66-e396c821bbf7@kungfoo.info> <0bea1d7c-7cf7-4faa-9b19-7fcc93ecb333@app.fastmail.com>

"Dave Cottlehuber" <dch@skunkwerks.at> writes:

> On Fri, 3 Jan 2025, at 19:42, JH Foo wrote:
>> Can you elaborate how CMD helps to determine (quote) minimal
>> dependencies are for each daemon or service? What happens if I
>> were to
>
> If you run a normal startup with /etc/rc then that container will
> expect all the freebsd goodies - syslog, utx, cron, mailer, etc.
> It will be more familiar but also fatter.
>
> If you manually trim down the dependencies, *and* your application
> permits it, you can choose just to run your minimal app. It will
> require experimentation.
>
>> configure the container to run off jail /etc/rc.conf services?
>
> If you do that, no issues, *but* the container will exit as soon
> as rc.conf startup finished (as the ENTRYPOINT or CMD has
> completed). OCI containers are not the same as jails in this
> respect, by default.
>

Pot and Potluck have similar (even though not OCI compatible)
capabilities. You can look at the *-nomad images at
https://github.com/bsdpot/potluck to get an idea of what service jails
without starting a fully fledged FreeBSD jail with rc can look like.

Stephan