Date: Fri, 24 Sep 2021 19:46:02 +0000 From: bugzilla-noreply@freebsd.org To: mono@FreeBSD.org Subject: [Bug 258709] lang/mono6.8: cert-sync doesn't work on iocage style base jails Message-ID: <bug-258709-23699-VcFj5zwhlO@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-258709-23699@https.bugs.freebsd.org/bugzilla/> References: <bug-258709-23699@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D258709 --- Comment #1 from Oscar Carlsson <oscar@spindel.tax> --- I tried setting up a Mono application in a iocage base jail (iocage -b ...)= but noticed that my certificate store was empty, and that I couldn't use the cert-sync tool to sync with my system certificate store - the tool threw er= ror messages that my file system was mounted as read only. I setup an nearly identical new jail, but made it a 'thick' jail instead (iocage -T ...) instead, and now my Mono certificate store was full of CAs = (as expected). Running cert-sync again worked fine (although it was already in sync). So I suspect that cert-sync (and mozroots) tries to write to a folder that = is mounted as read-only in a iocage base jail. This is a list of read-only folders on one such jail: /bin /boot /lib /libexec /rescue /sbin /usr/bin /usr/include /usr/lib /usr/libexec /usr/sbin /usr/share /usr/libdata /usr/lib32 I couldn't make either mozroots or cert-sync to be more verbose (as to which folder it was trying to write), but I _guess_ that it's /usr/lib or so. An acceptable workaround is to use a thick jail instead, but it would be _n= ice_ to have it working in a base jail as well. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-258709-23699-VcFj5zwhlO>