If we build a jail, and don't put a userland in it, will it act like a docker container and pull from the host's kernel?
I looked upon this reply and did not find it helpful. Sending judgmental comments like "RTFM" is not only presumptuous, but misleading. I have referred to those documents many times.
init and then go from there. In some cases you might even be able to just replace init with whatever program you want to run, but usually there will be stuff missing that's usually handled by init and all the scripts started from there. In any case it should be very well possible to construct a custom minimalistic init tailored to your target task and thereby having less/no reliance on userland/libraries. I think it could also be a good idea to look into busybox/toybox and/or figuring out how to do static builds of your required tools.
> I looked upon this reply and did not find it helpful. Sending judgmental comments like "RTFM" is not only presumptuous, but misleading. I have referred to those documents many times.

I did not mean to offend you, but instead point to what ekvz wrote above. Since there is little to no use in "running" a bare kernel, I asked what you meant with "pull in" and you did not give an answer.
> I asked what you meant with "pull in" and you did not give an answer.

Yes, "pull in" is pretty generic. I don't know what's meant by it in this context either. Maybe docker is intercepting exec/open calls and tries to satisfy those that would result in a 'file not found' error by copying from the host system where possible? I don't know docker well enough to be really sure. In any case doing something like this would seem to me like it's asking for trouble, as docker has absolutely no way of knowing what the user's intentions are and therefore won't be able to tell what should and what shouldn't be there. Maybe gladiola could clarify a bit what the expected action is when pulling stuff in.
> If we build a jail, and don't put a userland in it, will it act like a docker container and pull from the host's kernel?

I don't quite understand the question. There is no such thing as the "host's kernel". There is only one kernel. And how exactly would you "build" a jail without userland? And what would you like to pull from where?
> hm, one would need a small init system, like in docker dumb-init or go-init. I have no experience with non-standard init systems under FreeBSD, but maybe/hopefully something like s6 could be used in our land to have an alternative to those great application container solutions out there. Maybe sadaszewski from focker knows more or could explain how focker is handling that.

As far as minimalistic solutions are concerned I don't see much point in using a real init system (even as simple/dumb/tiny as busybox init) at all. A static /bin/sh and a handful of tools should be able to take care of pretty much anything, especially in a jailed environment where you don't have to deal with a lot of external factors.
> Can you jexec something in a jail that isn't running?

jexec(8) can only be used with an existing jail. A jail exists if either at least one process is running inside it, or if the jail's persist parameter is set. From the jail(8) manual page:

    persist  Setting this boolean parameter allows a jail to exist without any processes. Normally, a command is run as part of jail creation, and then the jail is destroyed as its last process exits. [...]
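As an added illustration (not from any poster in this thread), a jail.conf(5) fragment contrasting a jail that only exists while its start command runs with one that sets persist, so jexec(8) can attach to it with no process inside; jail names, paths and hostnames are assumptions.

```conf
# /etc/jail.conf fragment (added example; names and paths are assumptions)

# Without persist: "jail -c oneshot" creates the jail, runs exec.start, and
# the jail is destroyed as soon as its last process exits. jexec only works
# while something inside it is still running.
oneshot {
    path = "/usr/jails/oneshot";
    host.hostname = "oneshot.example";
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    mount.devfs;
}

# With persist: the jail keeps existing with zero processes, so
# "jail -c minimal" followed later by "jexec minimal /bin/sh" works even
# though nothing was started at creation time. Whatever jexec runs is
# resolved inside path, so the jail still needs at least that one binary
# (a statically linked /bin/sh is enough for the minimal case discussed above).
minimal {
    path = "/usr/jails/minimal";
    host.hostname = "minimal.example";
    persist;
    mount.devfs;
}
```

Remove the persistent jail explicitly with jail -r minimal; unlike oneshot, it does not go away on its own when the jexec'd shell exits.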