Date:      Thu, 16 Oct 2003 08:53:52 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        John <strgout@unixjunkie.com>
Cc:        freebsd-ports@freebsd.org
Subject:   Re: make installjail maybe?
Message-ID:  <20031016075352.GA93769@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <20031016072800.GA41397@mail.unixjunkie.com>
References:  <20031016072800.GA41397@mail.unixjunkie.com>

On Thu, Oct 16, 2003 at 02:28:00AM -0500, John wrote:
> Is anyone working on some way to install ports into a jail? What I do most of
> the time for a small port (like bind or something) is I redefine PREFIX to
> be /usr/jail/$ip, but there are a few problems with this.
>
> 1. named now looks for /usr/jail/$ip/etc/named.conf by default. Not that that
> is hard to get around, but just a fyi.
> 2. You can't install the port more than once without messing around with
> the package install info (the stuff in /var/db/pkg). I've just been moving
> the package name from say bind-8.3.6 to bind-8.3.6-jail-path-to-jail-root, but
> that is a little ugly ;).
> 3. libs, passwd files, group (basically userland). Most of the time I just cheat
> and statically link the port (setenv CFLAGS "-static"). This works fine for bind,
> but I haven't tested other apps. Then I copy the other userland bits.
> Maybe if there was a port that would just install a mini user land, based off
> /usr/src or something like that I wouldn't need to statically link everything.

There are two ways of looking at this.

If you have a 'thick' jail -- essentially with a complete FreeBSD
environment inside it, then you can just ssh(1) into the jail and
install ports exactly as you would in the base system.  To save space
you can use mount_null(8) to remount /usr/ports from the base inside
the jail -- this works well so long as you don't try installing ports
simultaneously from the jail and the base system, although by setting
WRKDIRPREFIX in both environments you can even do that.

To avoid compiling ports common to the jail and the base several
times, just create packages in (say) the base, and pkg_add(1) them
from the jail.  portupgrade(1)'s pkgtools.conf will let you
automatically control using packages or ports down to the level of
individual ports.

For a thin jail -- ie. without a sufficiently complete environment
that you can compile stuff inside the jail (or even if you do, but
find this method preferable) then create a .../db/pkg directory for
your jail (doesn't have to be inside the jailed area, although that
doesn't hurt).  Then simply set PKG_DBDIR in your environment to that
directory:

    # setenv PKG_DBDIR /usr/jail/${ip}/var/db/pkg

and install ports or packages using a similarly modified $PREFIX as
before.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
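
The thin-jail procedure from the message above, as an added sh example that is not part of the original e-mail: it creates the per-jail package database and installs a port with PKG_DBDIR and PREFIX both pointed at the jail root, refusing jail roots that are relative, contain "..", or do not exist. The function name `jail_port_install`, the `DRY_RUN` switch and the sample paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# jail_port_install and DRY_RUN are hypothetical names, not ports-tree features.

jail_port_install() {
    jailroot=$1   # e.g. /usr/jail/192.0.2.10 (constructed sample path)
    portdir=$2    # e.g. /usr/ports/dns/bind8 (constructed sample path)

    # PREFIX and PKG_DBDIR are both derived from the jail root, so reject
    # anything that could resolve outside the intended jail tree.
    case $jailroot in
        /*) ;;
        *) echo "jail root must be an absolute path" >&2; return 2 ;;
    esac
    case $jailroot/ in
        */../*) echo "jail root must not contain '..'" >&2; return 2 ;;
    esac
    [ -d "$jailroot" ] || { echo "no such jail root: $jailroot" >&2; return 2; }

    # Per-jail package database, kept separate from the host's /var/db/pkg
    # so the same port can be registered once per jail.
    pkgdb=$jailroot/var/db/pkg
    mkdir -p "$pkgdb" || return 1

    if [ -n "${DRY_RUN:-}" ]; then
        # Show what would be run without touching the ports tree.
        echo "cd $portdir && env PKG_DBDIR=$pkgdb make PREFIX=$jailroot install"
        return 0
    fi

    # Subshell keeps the cd and the environment change local to this install.
    ( cd "$portdir" && env PKG_DBDIR="$pkgdb" make PREFIX="$jailroot" install )
}
```
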
