Date: Thu, 16 Oct 2003 10:29:55 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: John <strgout@unixjunkie.com>
Cc: freebsd-ports@freebsd.org
Subject: Re: make installjail maybe?
Message-ID: <20031016172955.GA71632@rot13.obsecurity.org>
In-Reply-To: <20031016072800.GA41397@mail.unixjunkie.com>
References: <20031016072800.GA41397@mail.unixjunkie.com>

On Thu, Oct 16, 2003 at 02:28:00AM -0500, John wrote:
> Is anyone working on some way to install ports into a jail?

You've already discovered most of what is necessary:

> What I do most of
> the time for a small port (like bind or something) is I redefine PREFIX to
> be /usr/jail/$ip, but there are a few problems with this.
> 1. named now looks for /usr/jail/$ip/etc/named.conf by default. Not that that
> is hard to get around, but just an FYI.

What might actually be required is DESTDIR support for the ports
collection. There's a PR about this, but I suspect that most ports
(those which use the vendor's install target) won't respect this
without changes.

> 2. You can't install the port more than once without messing around with
> the package install info (the stuff in /var/db/pkg). I've just been moving
> the package name from say bind-8.3.6 to bind-8.3.6-jail-path-to-jail-root, but
> that is a little ugly ;).

PKG_DBDIR

> 3. libs, passwd files, group (basically userland). Most of the time I just cheat
> and statically link the port ( setenv CFLAGS "-static"). This works fine for bind,
> but I haven't tested other apps. Then I copy the other userland bits.
> Maybe if there was a port that would just install a mini user land, based off
> /usr/src or something like that I wouldn't need to statically link everything.

"mini user land" doesn't have a well-defined meaning, because everyone's
needs are different. If you're not happy with installing an entire
world into your jail, you probably need to make your own script. I've
thought about making a tool that attempts to discover the files needed
by a port so they can be copied into the jail, but this isn't really
easy to do.

Kris
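
An added example, not part of the original message or of the ports collection: a dry-run sketch of the shared-library part of "discover the files needed by a port", as an alternative to static linking. The function names, the sample ldd(1) output and the jail root /usr/jail/192.0.2.10 are constructed for illustration; it does not find configuration files, data files or libraries loaded at run time.

```shell
#!/bin/sh
# Plan which shared libraries must be copied into a jail root so that a
# dynamically linked port binary can run there. Dry run: prints cp commands.

# Constructed sample of ldd(1) output (not captured from a real system).
SAMPLE_LDD='/usr/local/sbin/named:
	libc.so.5 => /lib/libc.so.5 (0x28090000)
	libcrypto.so.3 => /lib/libcrypto.so.3 (0x28170000)
	libmissing.so.1 => not found (0x0)
	libc.so.5 => /lib/libc.so.5 (0x28090000)'

# needed_libs: read ldd-style output on stdin and print each resolved
# absolute library path once, in first-seen order.
needed_libs() {
    awk '$2 == "=>" && $3 ~ /^\// && !seen[$3]++ { print $3 }'
}

# missing_libs: print the names of libraries ldd could not resolve, so a
# broken dependency is reported instead of silently skipped.
missing_libs() {
    awk '$2 == "=>" && $3 == "not" { print $1 }'
}

# jail_path ROOT PATH: location of PATH inside the jail rooted at ROOT.
# A trailing slash on ROOT is dropped so the result has no "//".
jail_path() {
    printf '%s%s\n' "${1%/}" "$2"
}

# copy_plan ROOT: read ldd output on stdin and print one cp command per
# library, keeping the same path layout under the jail root.
copy_plan() {
    root=$1
    needed_libs | while IFS= read -r lib; do
        printf 'cp -p %s %s\n' "$lib" "$(jail_path "$root" "$lib")"
    done
}

# Show the plan for the constructed sample and a constructed jail root.
printf '%s\n' "$SAMPLE_LDD" | copy_plan /usr/jail/192.0.2.10
printf '%s\n' "$SAMPLE_LDD" | missing_libs | sed 's/^/unresolved: /'
```

On a real system the input would come from running ldd on the installed binary instead of SAMPLE_LDD.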