> If we build a jail, and don't put a userland in it, will it act like a docker container and pull from the host's kernel?

Pull what?
> Pull what?
> - RTFM init(8) & search for "jail".
> - RTFM jail(8) & jail.conf(5) & search for "persist".

I looked upon this reply and did not find it helpful. Sending judgmental comments like "RTFM" is not only presumptuous, but misleading. I have referred to those documents many times.
init and then go from there. In some cases you might even be able to just replace init with whatever program you want to run but usually there will be stuff missing that's usually handled by init and all the scripts started from there. In any case it should be very well possible to construct a custom minimalistic init tailored to your target task and thereby having less/no reliance on userland/libraries. I think it could also be a good idea to look into busybox/toybox and/or figuring out how to do static builds of your required tools.

> I looked upon this reply and did not find it helpful. Sending judgmental comments like "RTFM" is not only presumptuous, but misleading. I have referred to those documents many times.

I did not mean to offend you, but instead point to what ekvz wrote above. Since there is little to no use in "running" a bare kernel, I asked what you meant with "pull in" and you did not give an answer.
> If we build a jail, and don't put a userland in it, will it act like a docker container and pull from the host's kernel?

I don’t quite understand the question. There is no such thing as the “host’s kernel”. There is only one kernel. And how exactly would you “build” a jail without userland? And what would you like to pull from where?
Hm, one would need a small init system, like in docker dumb-init or go-init. I have no experience with non-standard init systems under FreeBSD, but maybe/hopefully something like s6 could be used in our land to have an alternative to those great application container solutions out there. Maybe sadaszewski from focker knows more or could explain how focker is handling that.
/bin/sh and a handful of tools should be able to take care of pretty much anything. Especially in a jailed environment where you don't have to deal with a lot of external factors.

Can you jexec something in a jail that isn't running?
> Can you jexec something in a jail that isn't running?

jexec(8) can only be used with an existing jail. A jail exists if either at least one process is running inside it, or if the jail’s persist parameter is set. From the jail(8) manual page:

persist
Setting this boolean parameter allows a jail to exist without any
processes. Normally, a command is run as part of jail creation,
and then the jail is destroyed as its last process exits. [...]
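
The persist behaviour and the static-build suggestion from this thread, combined into one sketch. This is an added example, not code posted by any participant; the jail name `demo`, the path `/jails/demo` and the function names are assumptions, and it is meant for a FreeBSD host, run as root.

```shell
#!/bin/sh
# Added example: a jail with no userland, kept alive by "persist".
# The function names, jail name and paths are hypothetical placeholders.

# Create a jail whose root is an empty directory and which starts no process.
# Without "persist" the jail would be destroyed as soon as its last process
# exits, so there would be nothing for jexec(8) to attach to.
create_empty_jail() {
    name=$1 root=$2
    mkdir -p "$root" || return 1
    jail -c name="$name" path="$root" persist
}

# Copy a single program into the jail root and run it there with jexec(8).
# The program has to be statically linked: the jail root contains no shared
# libraries and no runtime linker, so a dynamically linked binary cannot start.
run_static_in_jail() {
    name=$1 root=$2 prog=$3
    shift 3
    cp "$prog" "$root/$(basename "$prog")" || return 1
    jexec "$name" "/$(basename "$prog")" "$@"
}

# A persistent jail does not go away on its own; remove it explicitly.
remove_jail() {
    jail -r "$1"
}

# Typical use on FreeBSD (the tools under /rescue are statically linked):
#   create_empty_jail demo /jails/demo
#   jls -j demo
#   run_static_in_jail demo /jails/demo /rescue/sh -c 'echo inside the jail'
#   remove_jail demo
```

The program started this way runs on the same single kernel as the host; only the filesystem view and the jail restrictions differ.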