From: Valeri Galtsev
To: Matthew Seaman
Cc: freebsd-questions@freebsd.org
Subject: Re: Jail question: packages with relative symlinks
Date: Wed, 26 Aug 2020 11:39:17 -0500

> On Aug 26, 2020, at 11:28 AM, Matthew Seaman wrote:
>
> On 25/08/2020 22:30, Valeri Galtsev wrote:
>> I probably didn't explain things detailed enough.
>>
>> my jail has its root in:
>>
>> /jail/[jailname]
>>
>> so all what is inside jail on host filesystem is visible as:
>>
>> /jail/[jailname]/s/etc
>> /jail/[jailname]/etc --> s/etc
>> /jail/[jailname]/usr
>> /jail/[jailname]/s/usr-local
>> /jail/[jailname]/usr/local --> ../s/usr-local
>> ...
>>
>> the
>>
>> /jail/[jailname]
>>
>> is base system mounted read-only (with symlinks etc pointing to s/etc,
>> and others which point to a single place
>>
>> /jail/[jailname]/s
>>
>> which is mounted read-write, and this is the only place inside jail
>> which is read-write. This is the wonderful idea which inside jail makes
>> base system read-only. And it is convenient, as you maintain only one
>> base system (of given version) for all jails. And as you correctly said,
>> chroot is used (in addition to other things), so inside jail what on
>> host is /jail/[jailname]/ is plainly /
>>
>> I hope, this provides enough detail to un-confuse things (and the need
>> of symlinks when one sets up jails "by the book", meaning FreeBSD Handbook)
>>
>> Valeri
>
> There's a '--relocate' flag to pkg-add(8) which almost does what you
> want. The idea is that it allows you to prepend an arbitrary path to
> the location where the package is installed. In your case, that would
> mean running
>
>     pkg add --relocate /jail/[jailname] some-package
>

Matthew, thanks for a nice idea! It has never occurred to me. Basically, as package is installed by executing pkg command in jail, pkg already sees /jail/[jailname] as / , but as I care of symlinks, and all writable is in jail mounted as /s/ , relocation of that package to /s may do the trick. I will check that, and will report if it solves my case, I just could not hold myself and answered now being this excited by idea that looks so simple so it is next to genius, and which never occurred to me…

Valeri

> However I'm not sure how well that works for installing the same package
> in several different jails, or in your jail and in the host system --
> you might need to play games with using several different $PKG_DBDIR setups.
>
> Also, it only works with pkg-add(8), not pkg-install(8) or
> pkg-upgrade(8). It is an experimental feature intended for use in
> cross-installing packages for a small appliance by mounting its drive
> onto a larger and more capable machine.
>
> Cheers,
>
> Matthew
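
The layout in the quoted message depends on relative symlinks (`etc --> s/etc`, `usr/local --> ../s/usr-local`) resolving to the same place from the host path and from inside the jail. The script below is an added example, not part of the thread or of pkg: it classifies every symlink under a jail root, and its function names and the temporary tree standing in for /jail/[jailname] are assumptions.

```shell
#!/bin/sh
# Added example: audits symlinks in a jail tree laid out as in the quoted message.
# A temporary directory stands in for /jail/[jailname]; all paths are constructed.

# make_layout ROOT: read-write area under ROOT/s plus the two links from the message.
make_layout() {
    mkdir -p "$1/s/etc" "$1/s/usr-local/lib" "$1/usr"
    ln -s s/etc "$1/etc"                  # etc --> s/etc
    ln -s ../s/usr-local "$1/usr/local"   # usr/local --> ../s/usr-local
}

# audit_links ROOT: one line per symlink under ROOT, "<STATUS> <link> -> <target>":
#   OK      relative target that resolves inside ROOT (same file from host and jail)
#   ABS     absolute target (names a different file on the host than in the jail)
#   ESCAPE  relative target that climbs out of ROOT
#   BROKEN  relative target that does not exist
audit_links() {
    root=$(cd "$1" && pwd -P) || return 2
    find "$root" -type l | while IFS= read -r link; do
        target=$(readlink "$link")
        rel=${link#"$root"}
        status=OK
        case $target in
            /*) status=ABS ;;
            *)  if [ ! -e "$link" ]; then
                    status=BROKEN
                else
                    case "$(realpath "$link")/" in
                        "$root"/*) ;;
                        *) status=ESCAPE ;;
                    esac
                fi ;;
        esac
        echo "$status $rel -> $target"
    done
}

# audit_clean ROOT: succeeds only when every link is OK.
audit_clean() {
    ! audit_links "$1" | grep -qv '^OK '
}

# Demo on a constructed tree: the layout alone is clean; the two added links are not.
demo=$(mktemp -d)
make_layout "$demo"
ln -s ../share/foo "$demo/s/usr-local/lib/foo"   # relative, target missing
ln -s /etc/hosts "$demo/s/etc/hosts"             # absolute
audit_links "$demo" | sort
rm -rf "$demo"
```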