Jails and freebsd-update
vinny-mail-01+f.questions20071007 at palaceofretention.ca
Tue Oct 9 17:14:02 PDT 2007
Boris Samorodov wrote:
> Seems that you are looking for sysutils/ezjail.
Thank you for the reference. That is a very nice port.
I will definitely make use of it when I need multiple
jails (>3). I only need 2 at the moment.
I did a little more digging and it seems that I can
install a jail using the base system's install script.
It's found on CD 1 (6.2-RELEASE-i386-disc1.iso):
(cd0 mounted on /dvdrw)
$ ls -la
dr-xr-xr-x 2 root wheel 6144 Jan 12 2007 .
dr-xr-xr-x 13 root wheel 2048 Jan 12 2007 ..
-r--r--r-- 3 root wheel 1624 Jan 12 2007 CHECKSUM.MD5
-r--r--r-- 3 root wheel 2779 Jan 12 2007 CHECKSUM.SHA256
-r--r--r-- 3 root wheel 1425408 Jan 12 2007 base.aa
-r--r--r-- 3 root wheel 1425408 Jan 12 2007 base.ab
-r--r--r-- 3 root wheel 1425408 Jan 12 2007 base.ac
-r--r--r-- 3 root wheel 1425408 Jan 12 2007 base.ad
-r--r--r-- 3 root wheel 962020 Jan 12 2007 base.bd
-r--r--r-- 3 root wheel 898 Jan 12 2007 base.inf
-r--r--r-- 3 root wheel 1204896 Jan 12 2007 base.mtree
-r-xr-xr-x 3 root wheel 427 Apr 30 2002 install.sh
I can use the install.sh script in place of the make
installworld/distribution commands for the jail. This makes
it possible to update the jail using freebsd-update.
I wonder if the ezjail port can be tweaked to add an
option for installing via the 'base' as above, rather than
its current methods.
In any event, I set DESTDIR to /tmp/base, ran the install.sh
script and a full base system was placed in /tmp/base. A few
jail details (IP, devfs) later and I was able to run freebsd-update
from within the jail and it updated the world to -p8. Note I had to
edit the freebsd-updates.conf file (within the jail) and set the
Components variable to world only.
The jail is a full system. This might not be desirable. Normally,
one can control what gets placed in the base jail system using
the various NO_* knobs in a make.conf file (i.e. you can choose
to keep things like the toolchain, sendmail, and bind from
being placed in the jail). A certain amount of work could be
done to remove those subsystems individually after the fact, I
suppose. I wonder where I can get a list of files for each NO_*
More information about the freebsd-questions