From owner-freebsd-jail@FreeBSD.ORG Tue Jul 29 22:22:23 2014 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 1118543C for ; Tue, 29 Jul 2014 22:22:23 +0000 (UTC) Received: from mx1.scaleengine.net (beauharnois2.bhs1.scaleengine.net [142.4.218.15]) by mx1.freebsd.org (Postfix) with ESMTP id DF8DB2ECE for ; Tue, 29 Jul 2014 22:22:22 +0000 (UTC) Received: from [192.168.1.2] (senat1-01.HML3.ScaleEngine.net [209.51.186.5]) (Authenticated sender: allanjude.freebsd@scaleengine.com) by mx1.scaleengine.net (Postfix) with ESMTPSA id 4C673306AE for ; Tue, 29 Jul 2014 22:16:23 +0000 (UTC) Message-ID: <53D81D43.6070503@freebsd.org> Date: Tue, 29 Jul 2014 18:16:35 -0400 From: Allan Jude User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: freebsd-jail@freebsd.org Subject: Re: ezjail and mergemaster References: In-Reply-To: X-Enigmail-Version: 1.6 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="olte65bcI9LwiaEgJkUtJHWMok4EQNfOx" X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jul 2014 22:22:23 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --olte65bcI9LwiaEgJkUtJHWMok4EQNfOx Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 2014-07-29 17:44, Warren Block wrote: > This is tangential to my earlier changes to mergemaster. >=20 > I'm working on an ezjail addition for the Handbook. The update section= > shows both source and binary updates. >=20 > For source, ezjail-admin update -b on the host does a > buildworld;installworld on the basejail. >=20 > For binary, ezjail-admin update -r on the host uses freebsd-update to > update the basejail. >=20 > mergemaster is used after either on a real machine. By default, the > ezjail basejail does not even have a copy of the source, making running= > mergemaster from inside the jail a bit difficult. >=20 > What process for running mergemaster should I suggest? Maybe different= > ones for trusted and untrusted jails? >=20 > The host can update trusted jails: > mergmaster -U -D /usr/jails/jailname >=20 > (It might not be safe to consider any jail "trusted".) >=20 > The untrusted procedure is a lot fuzzier to me. Mount /usr/src on the > basejail, then only run mergemaster from inside the jails? Is there a > good way? Or a standard way? >=20 > As with other things for the Handbook, we should be showing best > practices. What is the best practice for mergemaster on any random > jail, trying to conserve disk space as much as is safely possible? > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"= This will mount /usr/src into the basejail read-only: mount -t nullfs -o ro /usr/src /usr/jails/basejail/usr/src --=20 Allan Jude --olte65bcI9LwiaEgJkUtJHWMok4EQNfOx Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJT2B1FAAoJEJrBFpNRJZKfpKIQAJbWCqNLEfMX5avhOw4yk4Sy bRmmYQyUetskFWGDhIT5YujdKnLtECO3Yw1i7BH0KEQZDcT8Yi1r4kmcxS0gKNc6 CfpELDFo0s/hdA8w+LpJ3X5594WSNBNIjER5R3DRW0Mi5Z67Yc/cXkIuscxmI9lw wr2R86j6wwkCSLDjHk28TdCOMq8z0sjrBOk7CQ4YfyAsGJIZTdU0K1OUPUgcwekc wc4ekqUnFP3NzhfBLM9QCtJy6rRHnr1liYNeVH8SDFGyzB30Lgp4AKFXbJqEQ+t1 Q/poZ7yM7GMJRI2AHO4ZfSq2bVs5yvmXHP0f8al51AWcIfFgzAEAbFnhsoCU9HPF SZVtyaiPm7KNEhR9IA7ma6EF+rW1o+IqEen16gHG2DR1xIB1MWStmxfM0OfPS9a6 AZtaTihNHY78DSMAmN5QK0ybzilD46r+mlf85dEm4RE0q42j/47GLMULcdBYfPl8 RlZfO/a2j5FEpMhz6xPAM7+8DTJu78pBE2141JobsW1dMRtGWaKxLdjhsJr7Dc6V KbdwXtLKNZPDzTE5zi3BZqEEQmSqdD/vPy+vUzMcT/I3rda7ZBP2caAMUUf6jTta NkeIytNh5xcaQ1lXbTxzdJA6KGN/3l0rgmPPbNMfQAdDhZGzD6OUBZfJJxtXzpE/ KktP/0ZL11BWSiNXdgTD =Mah3 -----END PGP SIGNATURE----- --olte65bcI9LwiaEgJkUtJHWMok4EQNfOx--