Best practices about Jails
Andrea Venturoli
ml at netfence.it
Fri Apr 20 09:31:07 UTC 2012
On 04/04/12 16:06, Fbsd8 wrote:
> This is overkill. I single ports tree on the host is fine. Matter of
> fact I use packages for everything accept for php which I have to
> compile in apache module. I even pre-install all of php's dependents as
> packages before doing "make install" on the php port. As far as
> portsclean goes its only for the paranoid.
Ok, I've gone this way.
> If you dont have full ports tree in the jail then no need for portaudit
> in the jail.
Portaudit doesn't check the port tree; it checks installed ports.
> Best practices is not to create a jail environment by hand as documented
> in the Freebsd handbook. The port utility qjail simplifies and automates
> the process to the point where you dont even have to know about the jail
> command. http://qjail.sourceforge.net/ use the port version for 8.x & 9.0
I've had a look at qjail; it seems very simliar to ezjails, which I used
(I didn't do jails by hand).
bye & Thanks
av.
More information about the freebsd-questions
mailing list