I am building systems and, at the final stage of the build, it makes the system live or off, which entails enabling or disabling services as well as starting or stopping them. This same functionality exists on the systems at runtime so that I can easily make the system live by providing all the services or, conversely, disable all services so that I may triage.
I was having an issue with starting and stopping services in a chrooted environment (at build time) impacting the host. I fixed that by checking if I was in a chrooted environment and skipping running any service actions. Prior to the fix, I thought services I started in the jail would be independent, but they share the same namespace.
Since I already set up and use jails, it seems that, to better avoid impacting the host system in the future, I should run the build inside a jail, which I can then easily clean up afterwards by removing the configuration file. Besides using separate hardware to do my builds, is that the best approach, or are there any additional opportunities I am missing?
Thanks,