Date: Mon, 9 Jan 2017 09:24:31 +0800
From: Erich Dollansky <erichsfreebsdlist@alogt.com>
To: "James B. Byrne via freebsd-questions" <freebsd-questions@freebsd.org>
Cc: byrnejb@harte-lyne.ca
Subject: Re: FreeBSD-11 Jails and PKI
Message-ID: <20170109092431.47967394@X220.alogt.com>
In-Reply-To: <d70f72266d2fb772296601c829e1d408.squirrel@webmail.harte-lyne.ca>
References: <d70f72266d2fb772296601c829e1d408.squirrel@webmail.harte-lyne.ca>

Hi,

On Fri, 6 Jan 2017 12:01:57 -0500
"James B. Byrne via freebsd-questions" <freebsd-questions@freebsd.org> wrote:

> If I want to make a binary application available to all jails do I put
> it in /usr/jails/basejail/bin or somewhere else? Or is this
> impossible?
>
> If possible then do such applications need to be statically linked?
>
> Similarly, given that I wish to maintain a common repository of pki
> keys and certificates that are shared between jails, do I place these
> in or under /usr/jails/basejail/usr/share/openssl/? or somewhere else?
> Or not at all and place them separately in each and every jail that
> requires TLS?
>
> The main issue I am dealing with is that we run a private PKI CA and
> need to add our root certificates to the ca-bundle after each update
> to /usr/local/share/certs/ca-root-nss.crt.
>

you have two options. Copy the files required to run your program into
each jail or hard link them. But - very big but - do the hard linking
only if you know what you are doing.

Erich
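
The difference between the two options in the reply above, as an added example that is not part of the original message: a hard-linked file is one inode shared by host and jail, so an in-place write from inside a jail changes the host's file too, while a file replaced on the host leaves the jail on the old content. The temp-dir layout, the jail names `jailA`/`jailB` and the file contents are constructed, and the replace-by-rename update in case 2 is an assumption.

```shell
#!/bin/sh
# Added example. Constructed sandbox: a temp dir stands in for the host and
# two jail roots; "jailA", "jailB" and the file contents are made up.

inode() { ls -i "$1" | awk '{print $1}'; }

setup_demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/host" "$d/jailA" "$d/jailB"
    printf 'public-roots-v1\nprivate-root\n' > "$d/host/ca-bundle.crt"
    ln "$d/host/ca-bundle.crt" "$d/jailA/ca-bundle.crt"  # hard link: same inode
    cp "$d/host/ca-bundle.crt" "$d/jailB/ca-bundle.crt"  # copy: separate inode
    echo "$d"
}

# Case 1: an in-place write from inside a jail ($2 = jail name).
# Prints "shared" if the host's bundle changed too, else "isolated".
write_from_jail() {
    echo "added-in-$2" >> "$1/$2/ca-bundle.crt"
    if grep -q "added-in-$2" "$1/host/ca-bundle.crt"; then
        echo shared
    else
        echo isolated
    fi
}

# Case 2: the host bundle is replaced (new file renamed over the old name).
# Assumption: this models an update that replaces the file instead of
# rewriting it in place. Prints "stale" if the jail still has the old content.
replace_on_host() {
    printf 'public-roots-v2\n' > "$1/host/ca-bundle.crt.new"
    mv "$1/host/ca-bundle.crt.new" "$1/host/ca-bundle.crt"
    if grep -q 'public-roots-v2' "$1/$2/ca-bundle.crt"; then
        echo current
    else
        echo stale
    fi
}

demo=$(setup_demo)
echo "host inode:  $(inode "$demo/host/ca-bundle.crt")"
echo "jailA inode: $(inode "$demo/jailA/ca-bundle.crt") (hard link)"
echo "jailB inode: $(inode "$demo/jailB/ca-bundle.crt") (copy)"
echo "write inside jailA: $(write_from_jail "$demo" jailA)"
echo "write inside jailB: $(write_from_jail "$demo" jailB)"
echo "jailA after host replace: $(replace_on_host "$demo" jailA)"
rm -rf "$demo"
```

Hard links only work within one filesystem, so the sandbox keeps everything under a single temp directory.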