packages and base jails

Miroslav Lachman 000.fbsd at quip.cz
Mon Nov 26 22:18:21 UTC 2018


Ernie Luzar wrote on 2018/11/26 22:12:
> Michael W. Lucas wrote:
>> Hi,
>>
>> I'm writing a book on jails and am looking for BCP. I'd like to
>> present either "This is the approved solution and should work" or
>> "these are the gotchas with any of these, choose your pain."
>>
>> Folks want base jails to include packages, but also want to install
>> additional packages--which won't happen if /usr/local is mounted
>> read-only in the base jail. Trawling around the Net I see a couple
>> options. Both involve the primary jail using a different package
>> repo. The overlay jail uses the standard package repo.
>>
>> 1) primary jail uses a repo with PREFIX=/usr/pkg or /opt. Works in my
>> simple use cases once I set ldconfig directories in rc.conf, but I'm
>> told programs like pkgconfig can go sideways.
>>
>> 2) base jail repo uses with PREFIX=/. Utterly violates separation of
>> base and pkg, but everything should find everything out of the
>> box. Again, seems to work in my wimpy use cases.
>>
>> Is there an option that should work? Or is it a matter of choosing
>> between horrors?
>>
>> Thanks,
>> ==ml
>>
>>
>>
> I use a common base jail mounted read only and the jail /usr/local & 
> /etc mounted r/w. From the jail console bootstrap pkg and everything 
> works just like on the host. Now the ports tree is totally different, I 
> create the ports tree normally on the host. And then if I need the ports 
> tree in a jail I issue the mv command to move from host to jail and when 
> it's not needed any more I mv it back to the host. Only one ports tree 
> for host and all jails. Haven't had the need to do that since new pkg 
> works so good now. Saw this is how qjail does it so used that concept in 
> my own manual jail system.

You don't need to move the ports tree in and out; you can use a nullfs 
mount of a directory, probably read-only in the jail, with some tweaks in 
make.conf in the jail:

WRKDIRPREFIX=   /var/ports
DISTDIR=        /var/ports/distfiles
PACKAGES=       /var/ports/packages
INDEXDIR=       /var/ports

Or you can share distfiles between host and jail.

Miroslav Lachman
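
The setup described in the reply above, as an added example that is not part of the original message: shell helpers that write the read-only nullfs fstab entry and the jail's make.conf, so builds inside the jail write only under /var/ports and cannot modify the host's ports tree. The function names, the jail root and the per-jail fstab path are assumptions; the make.conf values are the ones from the message.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names and all
# paths passed in by the caller are hypothetical.

# Print the fstab(5) line that nullfs-mounts the host ports tree
# read-only at <jail_root>/usr/ports.
ports_fstab_line() {
    host_ports=$1; jail_root=$2
    printf '%s\t%s\tnullfs\tro\t0\t0\n' "$host_ports" "$jail_root/usr/ports"
}

# Append that line to a per-jail fstab file unless it is already there.
# Assumption: the jail's jail.conf points at this file via mount.fstab.
add_ports_mount() {
    host_ports=$1; jail_root=$2; fstab=$3
    line=$(ports_fstab_line "$host_ports" "$jail_root")
    grep -qxF "$line" "$fstab" 2>/dev/null || printf '%s\n' "$line" >> "$fstab"
}

# Create the mount point and the writable build directories inside the
# jail, then add the make.conf settings from the message (only once).
prepare_jail_ports() {
    jail_root=$1
    mkdir -p "$jail_root/usr/ports" "$jail_root/etc" \
             "$jail_root/var/ports/distfiles" \
             "$jail_root/var/ports/packages"
    conf="$jail_root/etc/make.conf"
    if ! grep -q '^WRKDIRPREFIX=' "$conf" 2>/dev/null; then
        cat >> "$conf" <<'EOF'
WRKDIRPREFIX=   /var/ports
DISTDIR=        /var/ports/distfiles
PACKAGES=       /var/ports/packages
INDEXDIR=       /var/ports
EOF
    fi
}
```

On the host this would be called as, for example, `prepare_jail_ports /jails/www` followed by `add_ports_mount /usr/ports /jails/www /etc/fstab.www` (both paths hypothetical), before the jail is started.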


More information about the freebsd-ports mailing list