
Re: [ezjail] ports



On 10.01.12 05:06, alexus wrote:

> can I somehow link/share (nullfs?) my existing /usr/ports (from host) to jails?

While in theory you can, I strongly recommend not to (unless you trust
your jail's users). However, in order to use the ports in your jail, you
either have to nullfs-mount them rw, or put the following in all your
jails' make.conf:

WRKDIRPREFIX=           /var/ports
DISTDIR=                /var/ports/distfiles
PACKAGES=               /var/ports/packages
INDEXDIR=               /var/ports

Using ezjail-admin install -P will use portsnap to put the ports in the
right place and also install a working make.conf to the jail template.

The problem with shared ports is obvious if you mount them rw. If you do
mount them ro, they still expose much information about the host system
(i.e. which ports in which version are installed) and expose risks like
this:

http://www.freebsd.org/cgi/query-pr.cgi?pr=100164

> P.S. I gotta say ezjail is rulez ;p, so far i'm luvin it and best of
> all it's written in shell :))

Glad to be at your service :)

  erdgeist
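
Added example, not part of the original message or of ezjail: a shell check that a jail's make.conf sets the four variables listed above to absolute paths outside a shared ports tree. The function names and the assumption that the shared tree appears at /usr/ports inside the jail are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a jail's make.conf for the four variables from the message.
# Assumption: the shared (read-only) ports tree is visible at /usr/ports in the jail.
PORTS_MOUNT="/usr/ports"

# Print the last value assigned to variable $1 in make.conf file $2.
# Only plain "VAR = value" assignments are recognised; comments are ignored.
make_conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$2" |
        tail -n 1
}

# Return 0 only if every variable points to an absolute path outside the
# shared tree; print one finding per variable. Returns 2 if the file is unreadable.
check_jail_make_conf() {
    conf="$1"
    rc=0
    [ -r "$conf" ] || { echo "MISSING FILE: $conf"; return 2; }
    for var in WRKDIRPREFIX DISTDIR PACKAGES INDEXDIR; do
        val=$(make_conf_value "$var" "$conf")
        case "$val" in
            "")
                # Unset: the ports default places this under the ports tree.
                echo "UNSET: $var (default writes under $PORTS_MOUNT)"; rc=1 ;;
            "$PORTS_MOUNT"|"$PORTS_MOUNT"/*)
                echo "SHARED: $var=$val"; rc=1 ;;
            /*)
                echo "OK: $var=$val" ;;
            *)
                echo "RELATIVE: $var=$val"; rc=1 ;;
        esac
    done
    return $rc
}

# Stand-alone use: pass the path of a jail's make.conf as the first argument.
if [ $# -gt 0 ]; then
    check_jail_make_conf "$1"
fi
```

Run it once per jail against that jail's own etc/make.conf; a non-zero exit means at least one build path would still land in the shared tree.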