From: Ruslan Ermilov
To: Xin LI
Cc: freebsd-rc, "Simon L. Nielsen"
Date: Sat, 20 May 2006 11:01:00 +0300
Subject: Re: [PATCH FOR REVIEW] Implementation of skeleton jail
Message-ID: <20060520080100.GE84766@ip.net.ua>
In-Reply-To: <1148109661.952.26.camel@spirit>
List-Id: "Discussion related to /etc/rc.d design and implementation."

On Sat, May 20, 2006 at 03:21:00PM +0800, Xin LI wrote:
> Hi, folks,
>
> Here is an implementation of what I call a "skeleton jail". The idea
> is that it is more or less common that we do not want to actually
> copy the base system (sometimes even other stuff) across zillions of
> jails.
>
> The skeleton jail is an approach that makes management of such jails
> easier, by making use of mount_nullfs(8) to make read-only shadow or
> read-write shadow from the so-called "skeleton root".
>
> For instance, by default the skeleton jail would mount the following
> directories from the skeleton root (/) to the jail:
>
> 	bin -> ${_root}/bin
> 	sbin -> ${_root}/sbin
> 	lib -> ${_root}/lib
> 	libexec -> ${_root}/libexec
> 	usr/bin -> ${_root}/usr/bin
> 	usr/sbin -> ${_root}/usr/sbin
> 	usr/include -> ${_root}/usr/include
> 	usr/lib -> ${_root}/usr/lib
> 	usr/libdata -> ${_root}/usr/libdata
> 	usr/libexec -> ${_root}/usr/libexec
> 	usr/sbin -> ${_root}/sbin
> 	usr/share -> ${_root}/share
>
> In order to create the environment that is suitable for the skeleton
> jail (say, create the directory hierarchy, populate the /etc/ stuff,
> etc, but not the actual installworld), I have added a new target
> "installskel" to src/Makefile which will help the work.
>
You really don't want the new "installskel" target; instead, please use
the existing "distrib-dirs" and "distribution" targets from src/Makefile.

Cheers,
-- 
Ruslan Ermilov
ru@FreeBSD.org
FreeBSD committer
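
An added example, not part of the original messages or of the FreeBSD source: a dry-run sketch of the approach discussed in this thread, populating a jail with the existing "distrib-dirs" and "distribution" targets and sharing the base system through read-only nullfs mounts. The function names and the jail path /jails/www are hypothetical, and mounting each directory from the same relative path under the skeleton root is an assumption of this example.

```shell
#!/bin/sh
# Added example: prints commands and fstab(5) lines for review; executes nothing.
# Directories shared read-only from the skeleton root, as listed in the proposal.
SKEL_DIRS="bin sbin lib libexec usr/bin usr/sbin usr/include usr/lib usr/libdata usr/libexec usr/share"
TAB=$(printf '\t')

# Accept only an absolute jail root other than "/", without ".." or
# whitespace (fstab fields are whitespace-separated).
valid_jail_path() {
    case "$1" in
        /*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *..*|*" "*|*"$TAB"*) return 1 ;;
    esac
    [ "$1" != "/" ]
}

# $1 = jail root. Emits the two existing src/Makefile targets that create
# the directory hierarchy and populate /etc, without an installworld.
skel_populate_cmds() {
    valid_jail_path "$1" || return 1
    printf 'cd /usr/src && make distrib-dirs DESTDIR=%s\n' "$1"
    printf 'cd /usr/src && make distribution DESTDIR=%s\n' "$1"
}

# $1 = skeleton root, $2 = jail root. Emits one read-only nullfs line per
# shared directory, so processes in the jail cannot modify the shared base.
skel_fstab() {
    valid_jail_path "$2" || return 1
    skel=${1%/}
    for d in $SKEL_DIRS; do
        printf '%s/%s\t%s/%s\tnullfs\tro\t0\t0\n' "$skel" "$d" "$2" "$d"
    done
}

# Constructed sample run for a hypothetical jail rooted at /jails/www.
skel_populate_cmds /jails/www
skel_fstab / /jails/www
```

The generated lines are meant to be reviewed and then placed in a per-jail fstab file; the "ro" option is what keeps a compromised jail from altering binaries that every other jail shares.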