From: Kris Kennaway
To: John
Cc: freebsd-ports@freebsd.org
Date: Thu, 16 Oct 2003 10:29:55 -0700
Subject: Re: make installjail maybe?
Message-ID: <20031016172955.GA71632@rot13.obsecurity.org>
In-Reply-To: <20031016072800.GA41397@mail.unixjunkie.com>

On Thu, Oct 16, 2003 at 02:28:00AM -0500, John wrote:
> Is anyone working on some way to install ports into a jail?

You've already discovered most of what is necessary:

> What I do most of
> the time for a small port (like bind or something) is I redefine PREFIX to
> be /usr/jail/$ip, but there are a few problems with this.
> 1. named now looks for /usr/jail/$ip/etc/named.conf by default. Not that that
> is hard to get around, but just a FYI.

What might actually be required is DESTDIR support for the ports
collection. There's a PR about this, but I suspect that most ports
(those which use the vendor's install target) won't respect this
without changes.

> 2. You can't install the port more than once without messing around with
> the package install info (the stuff in /var/db/pkg). I've just been moving
> the package name from say bind-8.3.6 to bind-8.3.6-jail-path-to-jail-root, but
> that is a little ugly ;).

PKG_DBDIR

> 3. libs, passwd files, group (basically userland). Most of the time I just cheat
> and statically link the port (setenv CFLAGS "-static"). This works fine for bind,
> but I haven't tested other apps. Then I copy the other userland bits.
> Maybe if there was a port that would just install a mini user land, based off
> /usr/src or something like that I wouldn't need to statically link everything.

"mini user land" doesn't have well-defined meaning, because everyone's
needs are different. If you're not happy with installing an entire
world into your jail, you probably need to make your own script.

I've thought about making a tool that attempts to discover the files
needed by a port so they can be copied into the jail, but this isn't
really easy to do.

Kris
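
The reply above mentions a tool that discovers the files a port needs so they can be copied into the jail. The sketch below is an added example, not code from this thread or from the ports collection: it covers only the link-time shared libraries that ldd reports, as an alternative to static linking. The function names and the sample ldd output are constructed for illustration.

```shell
#!/bin/sh
# Added example: copy binaries plus their ldd-reported shared libraries into a jail root.
# Run ldd only on binaries you trust; it may invoke the runtime linker on the file.

# Constructed sample of FreeBSD-style ldd output (not captured from a real system).
sample_ldd_output() {
    cat <<'EOF'
/usr/local/sbin/named:
	libcrypto.so.3 => /lib/libcrypto.so.3 (0x28150000)
	libc.so.5 => /lib/libc.so.5 (0x2807e000)
	libc.so.5 => /lib/libc.so.5 (0x2807e000)
EOF
}

# Read ldd output on stdin, print each resolved absolute library path once.
ldd_paths() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i == "=>" && $(i + 1) ~ /^\//) print $(i + 1) }' |
        LC_ALL=C sort -u
}

# Read absolute paths on stdin and copy each to the same path under jail root $1.
copy_into_jail() {
    jail_root=$1
    while IFS= read -r path; do
        if [ ! -f "$path" ]; then
            echo "skipping missing file: $path" >&2
            continue
        fi
        mkdir -p "$jail_root$(dirname "$path")"
        cp -p "$path" "$jail_root$path"
    done
}

# populate_jail JAIL_ROOT BINARY...: copy the binaries and their link-time libraries.
populate_jail() {
    jail_root=$1
    shift
    for bin in "$@"; do
        printf '%s\n' "$bin"
        ldd "$bin" 2>/dev/null | ldd_paths
    done | LC_ALL=C sort -u | copy_into_jail "$jail_root"
}

# Run only when given arguments, e.g.: sh thisfile /usr/jail/$ip /usr/local/sbin/named
if [ "$#" -ge 2 ]; then
    populate_jail "$@"
fi
```

Files a program opens at run time (dlopen'd modules, configuration, passwd and group databases) do not appear in ldd output, so they still have to be identified and copied by hand.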