From: "Valeri Galtsev" <galtsev@kicp.uchicago.edu>
To: byrnejb@harte-lyne.ca
Cc: freebsd-questions@freebsd.org
Date: Wed, 18 Jan 2017 11:01:17 -0600 (CST)
Subject: Re: FreeBSD-11 - EZJail - Sharing binary packages across jails

On Wed, January 18, 2017 9:27 am, James B. Byrne via freebsd-questions wrote:
> I am attempting to discover if it is possible to add a binary package
> to the base system and have that shared by all of the jails hosted
> thereon.

This would grossly depend on how you create jails. If you do it "by the book", namely, if the base system is nullfs read-only mounted in jails, then you will have no handle on that via pkg, as all places pkg in all jails use are imminently rw, that is outside of read-only mounted base. The only logical way out is to "fiddle with the base", by adding your custom binaries/libraries/... to base; these, however, will be outside of where pkg can manage stuff. I'm sure someone will advise to not mix anything into base system (which is my feeling too).

My experience, though, is restricted to 10.3 and lower, and to jails built "by the book".

> However, I can find no clear discussion of this either in
> the man pages or on the EZJail project site. Nor is there much
> discussion in the FreeBSD Handbook or elsewhere respecting this
> particular subject.
>
> I have empirically determined that simply installing a package on the
> host does not expose it to the jails. However, it seems to me that
> this must somehow be possible.

No, ideally it should not be. If you build jails "by the book" they have their own base system (read-only inside jails), and their own read-write portion individual for each jail. And that is done on purpose. "No one in jail should be exercising rights and freedoms of free ones" ;-)

Valeri

>
> Is there a reference which discusses this in some detail or has anyone
> here a short précis they can share on how this is done?
>
>
> --
> ***          e-Mail is NOT a SECURE channel          ***
>         Do NOT transmit sensitive data via e-Mail
>  Do NOT open attachments nor follow links sent by e-Mail
>
> James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
> Harte & Lyne Limited          http://www.harte-lyne.ca
> 9 Brockley Drive              vox: +1 905 561 1241
> Hamilton, Ontario             fax: +1 905 561 0757
> Canada  L8E 3C3
>

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
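
The isolation described in the message above depends on every jail's base being mounted through nullfs with the `ro` option. The following check is an added example, not part of the original message or of ezjail itself: it reads fstab-format lines and reports nullfs mounts that are not read-only. The sample entries are constructed and assume the usual ezjail layout (`/usr/jails/basejail` mounted at `/usr/jails/<jail>/basejail`); the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit jail fstab entries for nullfs mounts lacking "ro".

# Constructed sample data, following the assumed ezjail layout.
sample_fstab() {
cat <<'EOF'
# Device             Mountpoint                 FStype  Options     Dump Pass
/usr/jails/basejail  /usr/jails/www/basejail    nullfs  ro          0 0
/usr/jails/basejail  /usr/jails/db/basejail     nullfs  rw          0 0
/usr/jails/basejail  /usr/jails/mail/basejail   nullfs  rw,noatime  0 0
/usr/jails/basejail  /usr/jails/dns/basejail    nullfs  noatime,ro  0 0
/dev/ada0p2          /                          ufs     rw          1 1
EOF
}

# Read fstab lines on stdin; print the mountpoint of every nullfs entry
# whose comma-separated option list does not contain the exact word "ro".
writable_nullfs() {
    awk '
        $1 ~ /^#/ || NF < 4 { next }   # skip comments and malformed lines
        $3 != "nullfs"      { next }   # only nullfs mounts are of interest
        {
            n = split($4, opts, ",")
            ro = 0
            for (i = 1; i <= n; i++)
                if (opts[i] == "ro") ro = 1
            if (!ro) print $2
        }
    '
}

# Return 0 when every nullfs mount on stdin is read-only, 1 otherwise.
audit_fstab() {
    bad=$(writable_nullfs)
    [ -z "$bad" ] && return 0
    for m in $bad; do
        echo "nullfs mount is writable from inside the jail: $m" >&2
    done
    return 1
}

# Stand-alone run against the constructed sample.
sample_fstab | audit_fstab || echo "audit failed"
```

On a real host the input would be the per-jail fstab files rather than `sample_fstab`.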