ezjail and mergemaster
Allan Jude
allanjude at freebsd.org
Tue Jul 29 22:22:23 UTC 2014
On 2014-07-29 17:44, Warren Block wrote:
> This is tangential to my earlier changes to mergemaster.
>
> I'm working on an ezjail addition for the Handbook. The update section
> shows both source and binary updates.
>
> For source, ezjail-admin update -b on the host does a
> buildworld;installworld on the basejail.
>
> For binary, ezjail-admin update -r on the host uses freebsd-update to
> update the basejail.
>
> mergemaster is used after either on a real machine. By default, the
> ezjail basejail does not even have a copy of the source, making running
> mergemaster from inside the jail a bit difficult.
>
> What process for running mergemaster should I suggest? Maybe different
> ones for trusted and untrusted jails?
>
> The host can update trusted jails:
> mergmaster -U -D /usr/jails/jailname
>
> (It might not be safe to consider any jail "trusted".)
>
> The untrusted procedure is a lot fuzzier to me. Mount /usr/src on the
> basejail, then only run mergemaster from inside the jails? Is there a
> good way? Or a standard way?
>
> As with other things for the Handbook, we should be showing best
> practices. What is the best practice for mergemaster on any random
> jail, trying to conserve disk space as much as is safely possible?
> _______________________________________________
> freebsd-jail at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe at freebsd.org"
This will mount /usr/src into the basejail read-only:
mount -t nullfs -o ro /usr/src /usr/jails/basejail/usr/src
--
Allan Jude
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-jail/attachments/20140729/07b8669b/attachment.sig>
More information about the freebsd-jail
mailing list