Re: jail services in podman

Can you elaborate how CMD helps to determine (quote) minimal 
dependencies are for each daemon or service? What happens if I were to 
configure the container to run off jail /etc/rc.conf services?

On 1/3/2025 1:56 AM, Dave Cottlehuber wrote:
> On Tue, 31 Dec 2024, at 17:16, JH Foo wrote:
>> Not sure if this is a jail or podman thing: I'm learning about running
>> apps in Podman, and the recommendation seems to be to include a CMD in
>> Containerfile/Dockerfile. When the binary called by the CMD ends, the
>> jail is stopped. In the example
>> (https://gitlab.com/bergblume/podman-caddy-on-freebsd/-/blob/master/caddy.yml?ref_type=heads),
>> Caddy is run daemonless using this technique.
>>
>> My question is: in the world of sidecars is this still the right way to
>> execute long-running (e.g. API) services? I'm using Bastille now and I
>> set up Caddy (for example) as a service in /etc/rc.conf. Is this
>> considered anti-pattern in Podman/OCI containers?
> Yes.
> On FreeBSD we’ll need to figure out what the minimal dependencies are for each daemon or service.
>
> For example I’ve been experimenting with dnsdist which has a docker-style —supervised flag where it runs in foreground and spits out logging info to stdout. This runs fine, others may require a wrapper script to set the appropriate things up.
>
> Alternatively add a rc.local that never returns? Then normal rc system could be used. Something like while true do sleep 99d; done?
>
> A+
> Dave
>