From: Benedict Reuschling
Date: Thu, 22 May 2014 16:25:57 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r44908 - head/en_US.ISO8859-1/books/handbook/jails

Author: bcr
Date: Thu May 22 16:25:57 2014
New Revision: 44908
URL: http://svnweb.freebsd.org/changeset/doc/44908

Log:
  This PR and the patch were created during the BSDCan 2014 Doc lounge.

  From the PR:
  - Describe that it's possible to install prebuilt binaries as well as
    build from source.
  - Instructions on how to extract distfiles on 8.x & earlier / 9.0 & later
  - Remove reference to jail_www_devfs_ruleset rc.conf, as-is it prevents
    the jail from starting because a ruleset needs to be defined & as there
    is no documentation for that in the article, it's easier to remove it,
    by doing this, the default ruleset is applied.
  - Add instructions on how to keep jails up to date with freebsd-update.

  I cleaned up the patch a bit, but it is still good work for a first patch.

  PR: docs/189901
  Submitted by: Sevan Janiyan

Modified:
  head/en_US.ISO8859-1/books/handbook/jails/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/jails/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/jails/chapter.xml Thu May 22 15:18:45 2014 (r44907)
+++ head/en_US.ISO8859-1/books/handbook/jails/chapter.xml Thu May 22 16:25:57 2014 (r44908)
@@ -50,7 +50,8 @@ host system. Jails expand this model by virtualizing access to the file system, the set of users, and the networking subsystem. More fine-grained controls are available for tuning the access - of a jailed environment. + of a jailed environment. Jails can be considered as a type of + operating system-level virtualization. A jail is characterized by four elements: 
@@ -194,8 +195,72 @@ system, and service jails, dedicated to one application or service, possibly running with privileges. This is only a conceptual division and the process of building a jail - is not affected by it. The &man.jail.8; manual page is quite - clear about the procedure for building a jail: + is not affected by it. When creating a complete + jail there are two options for the source of the userland: use + prebuilt binaries (such as those supplied on an install media) + or build from source. + + To install the userland from installation media, first + create the root directory for the jail. This can be done by + setting the DESTDIR variable to the proper + location. The command to use depends on which shell is being + used. + + When using &man.sh.1;: + + &prompt.root; export DESTDIR=/here/is/the/jail + + If csh/tcsh is used, + execute this instead: + + &prompt.root; setenv DESTDIR /here/is/the/jail + + Mount the install media as covered in &man.mdconfig.8; + when using the install ISO: + + &prompt.root; mount -t cd9660 /dev/`mdconfig -f cdimage.iso` /mnt + + Extract the binaries from the tarballs on the install media + into the declared destination. Minimally, only the base set + needs to be extracted, but a complete install can be performed + when preferred. 
+ + To install just the base system, run the next command when + using &os; 9.x or newer: + + &prompt.root; tar -xf /mnt/freebsd_install/usr/freebsd_dist/base.txz -C $DESTDIR + + On &os; 8.x systems, use this command instead: + + &prompt.root; /mnt/8.4-RELEASE/base/install.sh + + To install everything but the kernel, issue this + command: + + When using &man.sh.1; on &os; 9.x and newer, issue this + command: + + &prompt.root; for sets in BASE DOC GAMES PORTS; do (tar -xf /mnt/FREEBSD_INSTALL/USR/FREEBSD_DIST/$sets.TXZ -C $DESTDIR + + When using &os; 8.x, run this: + + &prompt.root; cd /mnt/8.4-RELEASE; for dir in base catpages dict doc games info manpages ports; do (cd $dir; ./install.sh) ; done + + If csh/tcsh is used on + &os; 9.x and newer, execute this command: + + &prompt.root; foreach sets ( BASE DOC GAMES PORTS ) +tar -xf /mnt/FREEBSD_INSTALL/USR/FREEBSD_DIST/$sets.TXZ -C $DESTDIR +done + + On &os; 8.x, run this command: + + &prompt.root; foreach dir ( base catpages dict doc games info manpages ports ) + cd /mnt/8.4-RELEASE/$dir; ./install.sh +done + + The &man.jail.8; manual page explains the procedure for + building a jail: &prompt.root; setenv D /here/is/the/jail &prompt.root; mkdir -p $D @@ -299,8 +364,7 @@ jail_list="wwwjail_www_rootdir="/usr/jail/www" # jail's root directory jail_www_hostname="www.example.org" # jail's hostname jail_www_ip="192.168.0.10" # jail's IP address -jail_www_devfs_enable="YES" # mount devfs in the jail -jail_www_devfs_ruleset="www_ruleset" # devfs ruleset to apply to jail +jail_www_devfs_enable="YES" # mount devfs in the jail The default startup of jails configured in &man.rc.conf.5;, will run the /etc/rc 
@@ -460,6 +524,22 @@ jail_www_devf applications that contribute to &man.jail.8; management. Please refer to its web page for more information. + + + Keeping Jails Patched and up to Date + + Jails should be kept up to date from the host operating + system as attempting to patch userland from within the jail + may likely fail as the default behaviour in FreeBSD is to + disallow the use of &man.chflags.1; in a jail which prevents + the replacement of some files. It is possible to change this + behavior but it is recommended to use &man.freebsd-update.8; + to maintain jails instead. Use to specify + the path of the jail to be updated. + + &prompt.root; freebsd-update -b /here/is/the/jail fetch +&prompt.root; freebsd-update -b /here/is/the/jail install +
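Review bot: In the hunk at @@ -194,8 +195,72 @@, the sh loop for 9.x and newer is never closed: `for sets in BASE DOC GAMES PORTS; do (tar -xf ... -C $DESTDIR` opens a subshell and a `do` body but has no `)` and no `done`, so it cannot be run as written. End it with `) ; done`, as the 8.x sh loop right after it does. Both csh/tcsh `foreach` loops are terminated with `done`, but csh closes `foreach` with `end`. The loops also spell the path as /mnt/FREEBSD_INSTALL/USR/FREEBSD_DIST/$sets.TXZ while the base-only command uses /mnt/freebsd_install/usr/freebsd_dist/base.txz; use one spelling throughout. The text says the jail's root directory is created by setting DESTDIR, but setting a variable creates nothing and no command creates the directory before tar is pointed at it; add `mkdir -p $DESTDIR` after the export/setenv step. The paragraph "To install everything but the kernel, issue this command:" is followed directly by a second lead-in and can be merged into it.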
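Review bot: In the hunk at @@ -299,8 +364,7 @@, removing jail_www_devfs_ruleset while keeping jail_www_devfs_enable="YES" leaves the example silent on which devfs ruleset the jail ends up with. The commit log says the default ruleset is applied once the line is gone; state that in the chapter text or in the comment on the remaining line, because the ruleset decides which device nodes are visible inside the jail and a reader comparing against the old example has no way to tell that devfs is still restricted.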
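Review bot: In the hunk at @@ -460,6 +524,22 @@, the new section stops at `freebsd-update -b /here/is/the/jail install` and does not say what to do with a jail that is running while its userland is replaced from the host; add a sentence on restarting the jail or its services afterwards so that patched binaries are the ones actually in use. On wording, the first sentence runs four clauses together and "may likely fail" is redundant ("may fail" or "is likely to fail"), and the paragraph mixes "behaviour" and "behavior"; split the sentence and use one spelling.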