JDK minimum chroot environment

Oliver Fromme olli at lurza.secnetix.de
Tue May 20 13:57:52 UTC 2008 

Frank Behrens wrote:
 > Oliver Fromme wrote:
 > > I would like to create a chroot environment which will
 > > contain JDK 1.6 and a Tomcat-based application.  The
 > > base system within the chroot (FreeBSD/amd64 7-stable)
 > > should be as small as possible.
 > 
 > I had this in the past with JDK1.4 and FreeBSD-5/6 in a jail. It was 
 > a minimal system, I copied only the required libraries into the jail 
 > (dependent from ldd output).

Actually I would prefer to use a jail, too, but this
service needs to use several IP addresses, so I have
to use chroot instead of jail.

 > I can not guarantee that my following statements are still true for 
 > current systems. Please note that I used i386 and your amd64 may have 
 > other libraries.

Thank you very much for your comments.  They're very
helpful.

 > >  - /usr/share except for /usr/share/misc/termcap.db

(Note:  I'd like to be able to open a shell prompt
within the chroot, that's why i keep the termcap.)

 > I had only /usr/share/zoneinfo

Hm.  Is it required?  I think it will be sufficient
to have /etc/localtime for correct time zone information,
but I'm not 100% sure ...  Maybe the JDK stuff does
strange things with the zoneinfo files?

 > /sbin/ldconfig may be necessary

OK, I also keep /sbin/{md5,sha1,sha256}.

 > in /usr/sbin I had daemon and nologin

OK, I also keep the pkg_* tools and a few other things.

 > > Will the JDK still work reliably without the above things?
 > 
 > I had it working for some time. The only difficult thing was the 
 > update of binaries on OS updates. A full jail (ezjail) is easier to 
 > handle.

Yes, I'm aware of that ...  I hope OS updates within
the chroot don't have to happen often.

Thanks for your information!

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606,  Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758,  Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD-Dienstleistungen, -Produkte und mehr:  http://www.secnetix.de/bsd

"I invented Ctrl-Alt-Delete, but Bill Gates made it famous."
        -- David Bradley, original IBM PC design team

More information about the freebsd-java mailing list