From owner-freebsd-questions@freebsd.org Wed Aug 26 16:28:29 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 216A33B1179 for ; Wed, 26 Aug 2020 16:28:29 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4BcBB46Yp9z4FSl for ; Wed, 26 Aug 2020 16:28:28 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [IPv6:2001:8b0:151:1:c4ea:bd49:619b:6cb3]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "Let's Encrypt Authority X3" (verified OK)) (Authenticated sender: matthew/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 8357C217B9 for ; Wed, 26 Aug 2020 16:28:28 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from liminal.local (unknown [IPv6:2001:8b0:151:1:4443:8627:2e04:357]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) (Authenticated sender: m.seaman@infracaninophile.co.uk) by smtp.infracaninophile.co.uk (Postfix) with ESMTPSA id 773E32039B for ; Wed, 26 Aug 2020 16:28:27 +0000 (UTC) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none (p=none dis=none) header.from=FreeBSD.org Authentication-Results: smtp.infracaninophile.co.uk/773E32039B; dkim=none; dkim-atps=neutral Subject: Re: Jail question: packages with relative symlinks To: freebsd-questions@freebsd.org References: <24d244da-43e4-9a5e-e940-3f183bc5a50e@holgerdanske.com> <9127e9ca-c6be-d007-bd82-fdf7c5508242@kicp.uchicago.edu> <7c3ad6a6-5ff1-5816-dc23-83d80590baac@kicp.uchicago.edu> From: Matthew Seaman Autocrypt: addr=matthew@FreeBSD.org; prefer-encrypt=mutual; keydata= mQINBFJIL80BEADi7/VbnnErDU6pjEhI/SzEZ/HbDRkJ5g7HroAtqIRm6nj8ZwOAgZ/2ZnWn 5F+fXTuLsG0FLNtkd17FoVcuCi5e/GPliXI5cmamV7E1Yz4T8UsJ7RQolimyxVexccKd16Tc AA7B9bFlJSKkBUSD0buj7VjT07xWhRzu6Vgi5r0UjLALYJz977uZA0F1aOGOXREDEAOhdcNc kSNjynqAwDA6dCT1Elpi4key1fYjv4jyDF+GU/YXul2Y/rguA8FCkHd9vyym5eAsLQ5mG00V V9fkEHIpH5KorNVnl/ufHXnkZqmHAZVpFDcrshb7aZ/pL45PXyWgLj+e6etelgj3a2bZi0JF cVdXCnBZVP2oIyYblM11ugTbfCwodORU8a5KfPeztMdAtDr4e+32NTrPdPi5rLT+GUsYz+PL 3A3m3u8bdsFp40DlIrBtSByVjqERxcfhphrEB4J8BXHUG7OAtXkZMlW/PGKDwXJq0O6Z5Tcg YHAoEiSWbXiexHgXNJyP+sqnIlhLWhSJGeJ+C83wqI6oYlZUCW00NkPxcIHnQPV/z+5wQVci TMyaWC2YCIHz4Ljs+TnwWMz0E8PNFDfHVbQ0W4PRGV7gRAqxfL+yKufauIEGbEq8rNDbSwL3 bcUCxR4ZDlaUEUwT4J8naf7rjdgiEYHs2Ig3jeK1+ER4FPG1sQARAQABtCRNYXR0aGV3IFNl YW1hbiA8bWF0dGhld0BmcmVlYnNkLm9yZz6JAlQEEwEKAD4CGwMFCwkIBwMFFQoJCAsFFgMC AQACHgECF4AWIQRyz6whebywJLW1RZADb2ye5/OevwUCXp/jFQUJDjo4SAAKCRADb2ye5/Oe v5lwD/0bhCaxMGrWb1PpmvqwARJRcqcXJOLUJXUvjKrMp97OtbGOucgsmTvBzXR7XaZrW/Y4 t5kquSg39ZellWjeVn2GUc4Cql+IPlGkxYiJu39dHu66iOhgpfOzIZQL7NxFysc+bvY0/XO6 sfNNUcIQ0ywmiOQedoxmcJs/gJo4mAZsf9ltLnlDeCTG8OqsjAKUsxatoGHvZ3wvFeEfdYjJ 9BO1haLm5EnnEnMlmgfopR3oW7oV8p8lIVFwzeHJTCVOv3xoo5o0kXK+YHdOLYWcPM9hiMDq u5AGbfPWw8IsDWFjeCUcgNADCG/DKJ98ld6R7QjDCOh8waKQDSStPxF71YwtUKRMCm7JayrM GhIlFxCfp5P9ALdiTsOctW5ONBBGvyCd3ggVikCxvsIP7rmt+yh5Bd6rz+Q9z/RikugN8ZRA 4g2TwDaM36obseh5VyDSlOkWpIJ7Mi5g8TWnhwy2KGeVvuQh2jeeMzCUBFQ3cV9sifAkcjoK ldsanwjKzqMT8Tf671zALHeWj1VtRjiRGDBPpTPeA/bmqZLAL5kqUejYZeqI7rkUN4cGYW59 o8P9F0GDcDBhoYRQOxPcm+eJMOjr8oDxwfGUJN5QYPEaEXxLfypSYrK8qem5Lp4uIdJfTLrT atLU97HL+POyyhDnvfob54OlY2BqUYL173MpHt17J7kCDQRSUUKTARAAt6FH3HbDFoumOWUu JlDgOQs3wdp2n3IKv7gqzbDdgaoWW7hDTvjO0Cb6p2PGUKEoxMQQoIdDO0pQ9rgr4Sh4VSVC 9WMO/fUwqdrIs2nACIg4OwvNhIccW08S+N72f+yuXWOQ/dv79cwruE26/BEXgIP09MYcOWwc UCXzOoUR3er+jzcsN9uFjcsBVUJLIEru1askHRzCUa5P9S9GAFBwN49HC5IJWEzdLP27FjjO G5UG3+QZahHrjG1i6S3bIYXtaGsqNyfkp9Is7Wpj2kk+s9Ua+YMG/V5YVlbANIexa1yr75p1 W9biqXpCWnB3TaHSfI0G1t9w8K2qhR/Z1/YLIcRzZ2aHJnvbzJYw5Cs1jfNpFytbASsxj0rb ReouftlBvVWFRxsZ+oG1ZXL64/SVKMZAnfBNxd1uajp+HtoQtYoTu88la6zcdnAhOD5JdOnt N2VF8iQnDfPgkidfuSZ1C059xaRPTSRJBgMRDtOlDxgz7Pxx/7L2jwxRY1dq6NGioflY7CCp Gc7bi1K6xnf3lBL8X2nGpRAVsg9Lx1ShIWkgNbTAcPXpXcXlJ1xqz8HS8Twadh6gIfk/RNch BIED9lkVCKHYp/XQb8T8vMwn/kTWUm5WlPkQUFQN4D1b6+dJw4bwn/wiRS8did1MU1OytJB6 tljfEUCx0uKkzqr+33MAEQEAAYkEuwQYAQoAJgIbAhYhBHLPrCF5vLAktbVFkANvbJ7n856/ BQJen+OUBQkOMSYBAonBvSAEGQEKAGYFAlJRQpNfFIAAAAAALgAoaXNzdWVyLWZwckBub3Rh dGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDE5RjE1NEVDQkYxMTJFNTA1NDRFM0Yz MDAwNTEzRjEwRTBBOUU0RTcACgkQAFE/EOCp5OdNFg//ZqeVdGoKkMvALPzZjGz84+6l0kcM xSN4TfWmec0YpSmDEzCw4/SZoGqHlZb8lcTevmNrNXg6c+wVw6P+Ycl20Nzb98Kt9C5sz+zG VmPPK+3O9gaPnEqlIKnnbxKXXNHQdd8Mf0UTpifMqX0IkWOqhe/tQKGoQ9+feKvLIaToIe/N josW6vJ9YAgFqZ0015zwbElhMNFmgDMOI2SgjBZ9ngP1U82Mqb7/7G9GxHtnwuJBSnPJgN8t av2O9uWPC0N8deyZBH4y9ERBPTFMc46wjkW030olcq7g4hZ55rpPIEyGQZCq4u1gGibbiQJZ EyUQT7BJm70/PeUr3uNjPlQODV/lF5TBvqGHEmlSQfo6Yb/QQx07CK9bvhUSO2XP3ybS8Jwo MZlgZzZcjiPiQF9ot6152/Cp/XrsKgtk+fg5ARZpyywRlQk1JCHRZvhgXIxqNYA04uwdPFcL I4vPiDaLS8mhXHLRZsSpHmIBqqrnam5Lq7iDc39UZrSJMM40oy3iAOI2B7AOCbzxRuEplJd3 E/tEqrnFGcPVN+h52ka74lEyfkwA2RrASWJJcXLN3/VsizEj8okepefzjU/UPnU8sirzeWWo 8Z4uKddovk//NwAPUJbee4vZLjYE6MWdpEoZP9CZXbtIPWuc9Djg16aHOgv44JPokDMaHA27 A4rw2KwJEANvbJ7n856/CZQP/1XGLC6fXn9SsllmWbsBjgERmqqNEz1c7uxqdNcPc3v/p5hG vuJmbg76H+dj9ZiHvStnSg7TQ73TtDbQNlnnAuyN53iYDzDGk8ZkQtWviwvbs1G4VbgB8DA5 Wdpjx/nH5vOpKB+6d9/KPZdjpHJVQydAbEqf6alRyMx2COBKzUg8COTQQtktO7fuXf1jzlOs OiSuHYTgRq7HUoYTvs8S62W2szMdYEBDJ+/j+9q24sKDpJYEnCKfirX5yFeknkRQUUz1Zsyi thnOPgJI1j5kdClSAA6q5LwDorHhzW4LVATqd4ATSeM9yTKSPbskquC3olamX3Bbfl8bT4NP Eot1d8A2FWehpWPrIvl2Tg4nI2/9krighKrrQBkC91A1bJPg4td3msCvrYRkiVFVFNHIO2uD XtTJ+heUmvNM4XlvUTXo7BE9Ew3yLg2B+Ipo5FVJJVPvKfWxVGKVVxBzMhbPYmbwNxE+NKZa J51Tdl+KeDXniadB5DMX/er7bhmG44dQUvz3kDYAX8c1i9vCxVQWNxcV98/ZO5RtXXZxokdh 8IMjqGonk9XlLi5GLbCMww2pQVqWVuQfLZTeVAzklB3dAj5ByJL1WbdIXMekMDWYXaEc+TAy tbaPz1YLJRz2s0tFOULw4LiVQqMobRRl1anfoEiUrSHHeTV1DrA+W1uQuf+cuQINBFJRQrgB EADUWFag56O3CaycayGght1rYWYz7P9/3s7OlqAuEAId8/kSz8jXzAb/Qb6t0247a2MD0gxn jgZQy2OiQOsOTrc31L6tUrLVATL5Q3oKIh9hOlNMA+cRjsgY3UmMaSw+Gftp64EJDBQwBXWT 7CSUEJw4PqzwMPiTHRkmqQfzdfNagFJVqZ0e+cznoLzI9WvkccwLW1kicBYEysX5yOXUQ9/P cKqRWcbxLFznJ16JsxL1DeUct5WRWUxECY2rM0t+AkNRa3NpzskiMUSzFhiGmJo9yyy1RS4d rjMhEn/IcM1sO21ZF/WWuUVkul65qngFnaFDDRQ5lU3AagWhLhmppmK/yabSVfqz38B1APoB WuldYprslTbAOJrL2xFtiH7m9VYbP2aGdwr9V/C27kiNWnm/lYzP9Z+dTFkxw2V+BOjiLWzD DD6pEE7YDhiPyoopadOyXtoJf3aK1OI+DBu3piBA/CDDDvavruM+3mjxUxcOo8w8rMaJzDUD LG0yOyhKWef3UW5ly3CKXe8+m/MZe0GavNBJt0ObLQpPmnn9b2kP/xS0ssszo8uzlfSMiGi9 AedAoRQ7vFXfI0MBb0M8gJ6Ht/+j1b5Al9ABeeA3PRuu+aBJwBRdFp4AV5BsCa0Qb3aqVJUP uBvtY56aWWB9sSfQ1qeu/loRxkJbHhaPJswscQARAQABiQI8BBgBCgAmAhsMFiEEcs+sIXm8 sCS1tUWQA29snufznr8FAl6f45QFCQ4xJdwACgkQA29snufznr9gXRAAoM1Vj0WDukryz52s MM4wPD6ny/uGaL0mTscWvvZZ7sXhJSgdLkYYZeXRuDOZN6K8vCxFB1frploGOHY6z5U3CW/l sEIW0BvEoYi5yLneCIJU2M5Y/8+35ffdV103de+RXP4VpAVf3kNdle7z6xpO452fhw2ymrAV +PgLlRBNVVgPG6NCrSpwLE5B63+guJzwhJ8dQGgi+TQTGHdWz66UQLig1KRON/KFtOlDCJci YLYmnnXIqb60JD8oePfjgyFTHEdXcEllsHtRhtE81Aw6fMeOZigxKaDcDzopS+8RWSHxrFL9 qwCNWL9KycIu2usa5qxBSVf4Q9hr2vFVuQZHnVDvuM6RzJBgD+j7o7xA7DWGv1njPJyoCCmV SRz4XuV2Y2jonNuEipsaftzMFlIkg4yg0s+eknh0cv0IjFTas5FMGX7hQLClnsCy8rzCDzKC J4jNALJ22sdft1CsZjOz7x+aOg5ypDOfR29PmF/gygk2dgt9HjMHcYlOkgsbY0/PwxNIpgYM xI7iELFa7W9ZNZfcWDSaP/VQfsL2/vOHBZzEmqmalQHp5QeZszGDTwr7yR886viXbLV40bBs ZXyVm2yodwsT3B1swxMGASV6ZG9p0bURekwyuN1zjCf2cIr6SrU8gTZjQyAlfDtU+dhvVCfw D2UGgsFXnd7KkBLadQs= Message-ID: <2eb62151-38b5-5e63-43a1-5cac1967b681@FreeBSD.org> Date: Wed, 26 Aug 2020 17:28:26 +0100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.11.0 MIME-Version: 1.0 In-Reply-To: <7c3ad6a6-5ff1-5816-dc23-83d80590baac@kicp.uchicago.edu> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="KQf1JI2RnRDUndD5xrh7q9RfdoYquY9Hm" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Aug 2020 16:28:29 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --KQf1JI2RnRDUndD5xrh7q9RfdoYquY9Hm Content-Type: multipart/mixed; boundary="lCZZwj0gdB2sOrXURdEhItQ1CvJl5jcLS" --lCZZwj0gdB2sOrXURdEhItQ1CvJl5jcLS Content-Type: text/plain; charset=utf-8 Content-Language: en-GB Content-Transfer-Encoding: quoted-printable On 25/08/2020 22:30, Valeri Galtsev wrote: > I probably didn't explain things detailed enough. >=20 > my jail has its root in: >=20 > /jail/[jailname] >=20 > so all what is inside jail on host filesystem is visible as: >=20 > /jail/[jailname]/s/etc > /jail/[jailname]/etc --> s/etc > /jail/[jailname]/usr > /jail/[jailname]/s/usr-local > /jail/[jailname]/usr/local --> ../s/usr-local > ... >=20 > the >=20 > /jail/[jailname] >=20 > is base system mounted read-only (with symlinks etc pointing to s/etc, > and others which point to a single place >=20 > /jail/[jailname]/s >=20 > which is mounted read-write, and this is the only place inside jail > which=C2=A0 is read-write. This is the wonderful idea which inside jail= makes > base system read-only. And it is convenient, as you maintain only one > base system (of given version) for all jails. And as you correctly said= , > chroot is used (in addition to other things), so inside jail what on > host is /jail/[jailname]/ is plainly / >=20 > I hope, this provides enough detail to un-confuse things (and the need > of symlinks when one sets up jails "by the book", meaning FreeBSD Handb= ook) >=20 > Valeri There's a '--relocate' flag to pkg-add(8) which almost does what you want. The idea is that it allows you to prepend an arbitrary path to the location where the package is installed. In your case, that would mean running pkg add --relocate /jail/[jailname] some-package However I'm not sure how well that works for installing the same package in several different jails, or in your jail and in the host system -- you might need to play games with using several different $PKG_DBDIR setu= ps. Also, it only works with pkg-add(8), not pkg-install(8) or pkg-upgrade(8). It is an experimental feature intended for use in cross-installing packages for a small appliance by mounting its drive onto a larger and more capable machine. Cheers, Matthew =09 --lCZZwj0gdB2sOrXURdEhItQ1CvJl5jcLS-- --KQf1JI2RnRDUndD5xrh7q9RfdoYquY9Hm Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEGfFU7L8RLlBUTj8wAFE/EOCp5OcFAl9GjapfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDE5 RjE1NEVDQkYxMTJFNTA1NDRFM0YzMDAwNTEzRjEwRTBBOUU0RTcACgkQAFE/EOCp 5Of0JQ//awsGX3Bti13wriz2HISh0mXtf8Vz0NztAQ5dpqamU8FAb0faCxFQkGGd KKWq89i42kp7jDf+ctvmwu7si14N/eqkq3axt6isFDGgfyb+AgWEUmY7lsJKcExQ iiHuGDvHJ6Uio2LRRVN31wKfKgfXvsBilArXGF8DQ7EnfSKpCoxAA0yU+bA7R/jN YTB8p3lDPYXv8n9I7uAlQBkeyjcGkiM/owXdWSnK6xK3/FgrzBTXg4AkQnWircMt eZfj+GTx3YPpY5SgNyJjcFo0SvXeVjEOVqKW84CUo7vPXK7rxCDSB0G2GQilmjIS iU2/8QM/aXKbmGiJOb8amWZ/r5qra+gEF6bBeiBq/v74uR3UYO0Lc5x+mUvYLY9z tFvEai+z7moOQqMcle263ABWcASYPXLRYiM5DssVqDn/yEzzilGKKAUaC1lPm72I aFJRilwLIlpo8DW91bSOqTl6r93Lp2QbfklFne8HUSohR34M3fgxO9oVNUYZOooH BoVkyvt3qkmC/pjpu9J6w8mzPTC+LpopJ7kz5fPXu+V9u+8/hHg2pOXvQ0xnDwyc DVaEEzyhtSUZnnPR88BdUKJAGkurJeMvyqYSaghIlSIrHtq4plwQfJk4S8r3JZSH plzfsSC5TQWZH7yZj58XJ0AH5C+XePAt3a9fSDegUOBTiTYOwG8= =VlUK -----END PGP SIGNATURE----- --KQf1JI2RnRDUndD5xrh7q9RfdoYquY9Hm--