From owner-freebsd-java@FreeBSD.ORG Tue May 20 11:16:41 2008 Return-Path: Delivered-To: freebsd-java@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8180F106564A for ; Tue, 20 May 2008 11:16:41 +0000 (UTC) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (unknown [IPv6:2a01:170:102f::2]) by mx1.freebsd.org (Postfix) with ESMTP id E8C498FC31 for ; Tue, 20 May 2008 11:16:40 +0000 (UTC) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (localhost [127.0.0.1]) by lurza.secnetix.de (8.14.1/8.14.1) with ESMTP id m4KBGcdM054862; Tue, 20 May 2008 13:16:39 +0200 (CEST) (envelope-from oliver.fromme@secnetix.de) Received: (from olli@localhost) by lurza.secnetix.de (8.14.1/8.14.1/Submit) id m4KBGcsQ054861; Tue, 20 May 2008 13:16:38 +0200 (CEST) (envelope-from olli) Date: Tue, 20 May 2008 13:16:38 +0200 (CEST) Message-Id: <200805201116.m4KBGcsQ054861@lurza.secnetix.de> From: Oliver Fromme To: freebsd-java@FreeBSD.ORG X-Newsgroups: list.freebsd-java User-Agent: tin/1.8.3-20070201 ("Scotasay") (UNIX) (FreeBSD/6.2-STABLE-20070808 (i386)) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.1.2 (lurza.secnetix.de [127.0.0.1]); Tue, 20 May 2008 13:16:39 +0200 (CEST) Cc: Subject: JDK minimum chroot environment X-BeenThere: freebsd-java@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-java@FreeBSD.ORG List-Id: Porting Java to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 May 2008 11:16:41 -0000 Hi, I would like to create a chroot environment which will contain JDK 1.6 and a Tomcat-based application. The base system within the chroot (FreeBSD/amd64 7-stable) should be as small as possible. Now my question is, which parts of the base system are safe to remove, so that the JDK will still work? My current plan is to remove these things: - /rescue - /usr/share except for /usr/share/misc/termcap.db - /usr/include - /lib/*.a and /usr/lib/*.a (static libraries) - compiler toolchain (gcc, cpp, ld, everything related). - /sbin and /usr/sbin - /usr/libexec Will the JDK still work reliably without the above things? In particular, does it need any parts of the compiler tool chain (e.g. the linker or anything)? Thanks in advance for any hints! Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd "IRIX is about as stable as a one-legged drunk with hypothermia in a four-hundred mile per hour wind, balancing on a banana peel on a greased cookie sheet -- when someone throws him an elephant with bad breath and a worse temper." -- Ralf Hildebrandt