27.11.2018 3:24, Michael W. Lucas wrote:
>
> Hi,
>
> I'm writing a book on jails and am looking for BCP. I'd like to
> present either "This is the approved solution and should work" or
> "these are the gotchas with any of these, choose your pain."
>
> Folks want base jails to include packages, but also want to install
> additional packages--which won't happen if /usr/local is mounted
> read-only in the base jail. Trawling around the Net I see a couple
> options. Both involve the primary jail using a different package
> repo. The overlay jail uses the standard package repo.
>
> 1) primary jail uses a repo with PREFIX=/usr/pkg or /opt. Works in my
> simple use cases once I set ldconfig directories in rc.conf, but I'm
> told programs like pkgconfig can go sideways.
>
> 2) base jail repo uses PREFIX=/. Utterly violates separation of
> base and pkg, but everything should find everything out of the
> box. Again, seems to work in my wimpy use cases.
>
> Is there an option that should work? Or is it a matter of choosing
> between horrors?

Not sure I understand the problem, which I don't have using
sysutils/ezjail, which uses a base jail situated in
/usr/local/j/basejail in my case.

For each distinct jail instance, it null-mounts it read-only to
/usr/local/j/${JAILNAME}/basejail, and /usr/local/j/${JAILNAME} is the
jail's root.

Inside this root, /bin is a symlink to /basejail/bin, and /boot,
/libexec, /rescue and /sbin are similar symlinks, as are
/usr/{bin|include|lib|lib32|libdata|libexec|ports|sbin|share},
all symlinks to the corresponding directories inside the ro-mounted
/basejail/usr/...

But not /usr/local nor /usr/{src|obj}, if that matters. So each jail
has its own set of packages, or even ports if I choose to null-mount
the host's /usr/ports read-only to
/usr/local/j/${JAILNAME}/basejail/usr/ports and write to the jail's
/etc/make.conf:

WRKDIRPREFIX= /var/ports
DISTDIR= /var/ports/distfiles
PACKAGES= /var/ports/packages
INDEXDIR= /var/ports

That works just fine for me.
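
The layout described in the reply above can be audited per jail. The script below is an added example, not part of the original message or of ezjail: it checks that every directory the reply lists is a symlink into /basejail and that /usr/local, /usr/src and /usr/obj stay private to the jail. The function names and the sample tree are hypothetical and constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a jail root against the layout described in the reply.
# Directory lists come from the message; function names are hypothetical.

BASE_LINKS="bin boot libexec rescue sbin usr/bin usr/include usr/lib usr/lib32 usr/libdata usr/libexec usr/ports usr/sbin usr/share"
PRIVATE_DIRS="usr/local usr/src usr/obj"

# check_jail_layout ROOT
# Prints one line per deviation; returns 0 if the layout matches, 1 otherwise.
check_jail_layout() {
    root=$1
    rc=0
    for d in $BASE_LINKS; do
        if [ ! -L "$root/$d" ]; then
            # A real directory here means the jail is not using the
            # read-only base for this path.
            echo "NOT-SYMLINK /$d"
            rc=1
        elif [ "$(readlink "$root/$d")" != "/basejail/$d" ]; then
            echo "WRONG-TARGET /$d -> $(readlink "$root/$d")"
            rc=1
        fi
    done
    for d in $PRIVATE_DIRS; do
        # Per-jail directories must not point into the shared base.
        if [ -L "$root/$d" ]; then
            echo "SHARED /$d -> $(readlink "$root/$d")"
            rc=1
        fi
    done
    return $rc
}

# make_sample_root DIR: build a constructed jail root for demonstration.
# The symlinks dangle outside a real jail; only their targets are inspected.
make_sample_root() {
    mkdir -p "$1/usr/local" "$1/basejail"
    for d in $BASE_LINKS; do
        ln -s "/basejail/$d" "$1/$d"
    done
}

# Usage: sh check_layout.sh /usr/local/j/JAILNAME
if [ $# -gt 0 ]; then
    check_jail_layout "$1"
fi
```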