From owner-freebsd-current@FreeBSD.ORG Wed Feb 11 11:02:41 2009 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AF61D1065693 for ; Wed, 11 Feb 2009 11:02:41 +0000 (UTC) (envelope-from alexander@leidinger.net) Received: from redbull.bpaserver.net (redbullneu.bpaserver.net [213.198.78.217]) by mx1.freebsd.org (Postfix) with ESMTP id 3241B8FC1C for ; Wed, 11 Feb 2009 11:02:41 +0000 (UTC) (envelope-from alexander@leidinger.net) Received: from outgoing.leidinger.net (pD9E2D329.dip.t-dialin.net [217.226.211.41]) by redbull.bpaserver.net (Postfix) with ESMTP id 422532E0FD; Wed, 11 Feb 2009 12:02:30 +0100 (CET) Received: from webmail.leidinger.net (webmail.leidinger.net [192.168.1.102]) by outgoing.leidinger.net (Postfix) with ESMTP id EE277101720; Wed, 11 Feb 2009 12:02:26 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=Leidinger.net; s=outgoing-alex; t=1234350147; bh=jxLVqlWY4TSXDPobOtsS5FNixycUv3cqo W/mt1nBFfY=; h=Message-ID:Date:From:To:Cc:Subject:References: In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=Vc7sWlCIYcSDD2tbkEGeC3jnCzAXwFbK9mcVQoSrr3Peq8yjFY0K+JwcDNojZlwwb Bx1aXAj3bMbijmSYXqlOtyBvReJpXGdKE+S8ftYdmOg3IVAEiTY1vRisD899iV2c3O2 TbSwWlcIWGjvISU3e+5pQn+KQBOcRocIErI0GTT/7VyzFhPPzCvapVqjeDcxmxXxdTY /xo34wHw7D3Pe/tcEgeDIxg0zGsR2LJHOKVAoWB93W3BrcvyD4shsINOCMXFWRQRo/D em4BqnLRRP8rSupu6HI+rwQhOL7QnoTRaZHkX+RAYlMteHQdsrhdajhYuFKBuAtUQ8U L9LK72Lgg== Received: (from www@localhost) by webmail.leidinger.net (8.14.3/8.13.8/Submit) id n1BB2QfP075160; Wed, 11 Feb 2009 12:02:26 +0100 (CET) (envelope-from Alexander@Leidinger.net) Received: from entertainment.Leidinger.net (entertainment.Leidinger.net [192.168.1.113]) by webmail.leidinger.net (Horde Framework) with HTTP; Wed, 11 Feb 2009 12:02:26 +0100 Message-ID: <20090211120226.75402wimhlvv1fk0@webmail.leidinger.net> X-Priority: 3 (Normal) Date: Wed, 11 Feb 2009 12:02:26 +0100 From: Alexander Leidinger To: d@delphij.net, Xin LI References: <499244E6.9030205@delphij.net> <499246D4.8020908@freebsd.org> <49924B92.6050307@delphij.net> In-Reply-To: <49924B92.6050307@delphij.net> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; DelSp="Yes"; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: quoted-printable User-Agent: Internet Messaging Program (IMP) H3 (4.3) / FreeBSD-8.0 X-BPAnet-MailScanner-Information: Please contact the ISP for more information X-MailScanner-ID: 422532E0FD.302CB X-BPAnet-MailScanner: Found to be clean X-BPAnet-MailScanner-SpamCheck: not spam, ORDB-RBL, SpamAssassin (not cached, score=-14.223, required 6, BAYES_00 -15.00, DKIM_SIGNED 0.00, DKIM_VERIFIED -0.00, J_CHICKENPOX_21 0.60, RDNS_DYNAMIC 0.10, TW_ZJ 0.08) X-BPAnet-MailScanner-From: alexander@leidinger.net X-Spam-Status: No Cc: Lawrence Stewart , FreeBSD Current , freebsd-rc@freebsd.org, d@delphij.net Subject: Re: [RFC] Skeleton jail (rc.d feature proposal) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Feb 2009 11:02:42 -0000 Quoting Xin LI (from Tue, 10 Feb 2009 19:52:50 -0800): > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Lawrence Stewart wrote: >> Xin LI wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Hi, >>> >>> Ok, some local users has prodded me in committing the "skeleton jail" >> >> [snip] >> >> Can you describe how this differs from the functionality provided by the >> ezjail port? (/usr/ports/sysutils/ezjail/) > > I think they have different targets. Skeleton jail is more lightweight > which is only very few lines of changes to the base system (i.e. the aim > is to provide convenient shortcut for common tasks, not to be a complete > solution); the functionality provided by skeleton jail, on the other > hand, could be useful building blocks to ezjail. Ezjail already has this skeleon feature. It's used for every jail you =20 create with ezjail. You can then upadate this skeleton, and you update =20 the basesystem of all jails at once. Your solution looks a little bit =20 more generic, as you can use a different skeleton for each jail. The =20 make installskel part could be compatible with ezjail, but I'm not =20 sure if the rc.d part could be used easily by ezjail. Ezjail is =20 nullfs-mounting (RO) the skeleton into each jail, and it has symlinks =20 from the normal directory layout to the "/basejail/..." =20 location. It creates the basejail by doing a full install and then =20 removing some parts. Maybe you can have a look at ezjail to see the requirements of it? =20 It's simple to setup, you just need to specify the path to the =20 location where you want all jails to be installed to, and then you can =20 install a jail (it does a buildworld if ou do not tell to skip this =20 part, e.g. becuse you already did one yourself). Bye, Alexander. --=20 God said it, I believe it and that's all there is to it. http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID =3D B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID =3D 72077137