Jail question: packages with relative symlinks

Valeri Galtsev galtsev at kicp.uchicago.edu
Tue Aug 25 16:51:46 UTC 2020

Dear Experts,

I've got question about jails, namely, what do you do if some package 
you install in jail brings relative symlink(s)?

I install jails "by the book" and if relative symlinks are in 
/usr/local, there is no problem with those, as in jail an equivalent of 
/usr/local is


and the depth is the same as on real system. However, /etc in jail is


and if package brings relative symlink to /etc, in jail it will point 
nowhere. I just resolved this failure for package ca_root_nss in jail. 
This package places in


relative symlink:

cert.pem --> ../../usr/local/share/certs/ca-root-nss.crt

In jail, however it is situated in


so the above relative symlink points nowhere. I did a "trivial" thing, 
just replaced relative symlink with absolute one:

cert.pem --> /usr/local/share/certs/ca-root-nss.crt

,and as this symlink is owned by the package ca_root_nss, I locked that 
package, to prevent it from "automagically" replacing symlink with 
relative if updated package is installed.

This is kind of crude solution, standing next to the "hack", so I do not 
like what I did.

I wonder, how jail experts deal with relative symlinks when some package 
brings it into place where filesystem depth in jail is different from 
real system.


Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

More information about the freebsd-questions mailing list