Solved Installing pkgs in jail

Yes, you can use the mount type nullfs in /etc/fstab.jail. Before that, you have to create the directory in the jail because it does not exist by default.
 
Yes, you can use the mount type nullfs in /etc/fstab.jail. Before that, you have to create the directory in the jail because it does not exist by default.
Not exactly sure how to do this but found this:-



So am I right in thinking I need to create a /etc/fstab.myjail:

Code:
/var/cache/pkg                /jails/myjail/var/cache/pkg                  nullfs  ro      0       0
 
Sorry, I should have provided my example already.
Code:
/var/cache/pkg /usr/jails/fox/var/cache/pkg nullfs rw,late 0 0
The late parameter is related to the mount parameters "-a", "-l" and "-L" for mounting after boot. Maybe it is OK not to use the late option. With the option "rw" instead of "ro", packages downloaded by pkg within the jail appear in the common repository /var/cache/pkg. With the option "ro" it should not be possible to store downloaded packages in case pkg is called from the jail. I have not tested that but I think so.
 
Sorry, I should have provided my example already.
Code:
/var/cache/pkg /usr/jails/fox/var/cache/pkg nullfs rw,late 0 0
The late parameter is related to the mount parameters "-a", "-l" and "-L" for mounting after boot. Maybe it is OK not to use the late option. With the option "rw" instead of "ro", packages downloaded by pkg within the jail appear in the common repository /var/cache/pkg. With the option "ro" it should not be possible to store downloaded packages in case pkg is called from the jail. I have not tested that but I think so.
Is this defined in /etc/fstab or /etc/fstab.myjail ?
 
The jail does not need to know. It sees a cache at /var/cache/pkg, which in reality is /jails/myjail/var/cache/pkg. But files below /jails/myjail are out of scope of the jail because this is the root from the jail's perspective. So the jail is happy with the existing cache without having to be aware of the host.
 
Just following on from this principle, can I create a 'build' jail where the jail accesses /usr/src/ on the host without needing such a directory in the jail?
 
Shared directories between a jail and its host or between jails are a vector for compromise. Be very careful when doing this.
 
Just following on from this principle, can I create a 'build' jail where the jail accesses /usr/src/ on the host without needing such a directory in the jail?
I have never tried that. There is also the question why and what to do with the compilation result.
 
Just following on from this principle, can I create a 'build' jail where the jail accesses /usr/src/ on the host without needing such a directory in the jail?
You can even mount it read-only as the build(7) process won't write anything to /usr/src/. Intermediate files and compiled results are stored in /usr/obj/ (or wherever MAKEOBJDIRPREFIX is pointing to).
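
An added example, not part of the thread: a POSIX sh check that reads a jail fstab like the ones posted above and reports which nullfs shares the jail can write to and which mountpoints have not been created yet. The function name, the temporary directory and the sample entries are constructed for illustration; treating an entry without an explicit ro option as writable is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): audit a jail fstab for nullfs shares.

# audit_jail_fstab FILE
# Prints one line per nullfs entry:
#   WRITABLE|READONLY <host_dir> -> <mountpoint> [MISSING-MOUNTPOINT]
# Returns 1 if any share is writable from the jail or its mountpoint is absent.
audit_jail_fstab() {
    rc=0
    # fstab fields: device, mountpoint, fstype, options, dump, pass
    while read -r dev mnt fstype opts _rest || [ -n "$dev" ]; do
        case $dev in ''|'#'*) continue ;; esac   # skip blank lines and comments
        [ "$fstype" = nullfs ] || continue
        # Assumption: an entry without an explicit "ro" option is writable.
        case ",$opts," in
            *,ro,*) mode=READONLY ;;
            *)      mode=WRITABLE; rc=1 ;;
        esac
        note=
        # The mountpoint has to exist inside the jail's tree before mounting.
        if [ ! -d "$mnt" ]; then
            note=' MISSING-MOUNTPOINT'
            rc=1
        fi
        printf '%s %s -> %s%s\n' "$mode" "$dev" "$mnt" "$note"
    done < "$1"
    return "$rc"
}

# Constructed demo: a throwaway directory stands in for the jail root.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/jails/myjail/var/cache/pkg"   # /usr/src mountpoint left out
cat > "$demo_root/fstab.myjail" <<EOF
# constructed sample entries
/var/cache/pkg $demo_root/jails/myjail/var/cache/pkg nullfs rw,late 0 0
/usr/src       $demo_root/jails/myjail/usr/src       nullfs ro      0 0
EOF
audit_jail_fstab "$demo_root/fstab.myjail" || echo "review the entries flagged above"
rm -rf "$demo_root"
```

A non-zero return marks a file worth reviewing by hand; a writable share can be intentional, as with the shared package cache in the thread.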
 