From: Andrea Venturoli
Date: Fri, 20 Apr 2012 11:30:57 +0200
To: freebsd-questions@freebsd.org
Subject: Re: Best practices about Jails
Message-ID: <4F912CD1.8040806@netfence.it>
In-Reply-To: <4F7C5561.9000208@a1poweruser.com>

On 04/04/12 16:06, Fbsd8 wrote:

> This is overkill. A single ports tree on the host is fine. Matter of
> fact I use packages for everything except for php which I have to
> compile in apache module. I even pre-install all of php's dependents as
> packages before doing "make install" on the php port. As far as
> portsclean goes it's only for the paranoid.

Ok, I've gone this way.

> If you don't have full ports tree in the jail then no need for portaudit
> in the jail.

Portaudit doesn't check the port tree; it checks installed ports.

> Best practices is not to create a jail environment by hand as documented
> in the FreeBSD handbook. The port utility qjail simplifies and automates
> the process to the point where you don't even have to know about the jail
> command. http://qjail.sourceforge.net/ use the port version for 8.x & 9.0

I've had a look at qjail; it seems very similar to ezjails, which I used (I didn't do jails by hand).

bye & Thanks
av.