From: JH Foo
Date: Sat, 4 Jan 2025 02:42:17 +0700
To: freebsd-jail@freebsd.org
Subject: Re: jail services in podman
List-Id: Discussion about FreeBSD jail(8)
List-Archive: https://lists.freebsd.org/archives/freebsd-jail

Can you elaborate how CMD helps to determine (quote) minimal dependencies
are for each daemon or service? What happens if I were to configure the
container to run off jail /etc/rc.conf services?

On 1/3/2025 1:56 AM, Dave Cottlehuber wrote:
> On Tue, 31 Dec 2024, at 17:16, JH Foo wrote:
>> Not sure if this is a jail or podman thing: I'm learning about running
>> apps in Podman, and the recommendation seems to be to include a CMD in
>> Containerfile/Dockerfile. When the binary called by the CMD ends, the
>> jail is stopped. In the example
>> (https://gitlab.com/bergblume/podman-caddy-on-freebsd/-/blob/master/caddy.yml?ref_type=heads),
>> Caddy is run daemonless using this technique.
>>
>> My question is: in the world of sidecars is this still the right way to
>> execute long-running (e.g. API) services? I'm using Bastille now and I
>> set up Caddy (for example) as a service in /etc/rc.conf. Is this
>> considered an anti-pattern in Podman/OCI containers?
> Yes.
> On FreeBSD we’ll need to figure out what the minimal dependencies are for each daemon or service.
>
> For example I’ve been experimenting with dnsdist which has a docker-style --supervised flag where it runs in foreground and spits out logging info to stdout. This runs fine, others may require a wrapper script to set the appropriate things up.
>
> Alternatively add a rc.local that never returns? Then normal rc system could be used. Something like while true; do sleep 99d; done?
>
> A+
> Dave
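
Added example, not part of the thread and not code from either poster: a wrapper script of the kind mentioned above, usable as the image's CMD so that setup runs first and the container stops with the daemon's own exit status. It assumes the runtime stops a container by sending TERM to the CMD process; `prepare`, `supervise` and `APP_RUNDIR` are hypothetical names.

```shell
#!/bin/sh
# Added example (hypothetical entrypoint.sh), used from a Containerfile as e.g.
#   CMD ["/entrypoint.sh", "dnsdist", "--supervised"]

# prepare: one-time setup the daemon expects before it starts.
# APP_RUNDIR is an assumed variable name, not something the thread defines.
prepare() {
    umask 027
    mkdir -p "${APP_RUNDIR:-/var/run/app}"
}

# supervise CMD [ARGS...]: run CMD in the foreground as a child, forward
# TERM/INT to it, and return its exit status to the caller.
supervise() {
    child=
    # Install the handler before the child exists so a stop is never lost.
    trap '[ -n "$child" ] && kill -TERM "$child" 2>/dev/null' TERM INT
    "$@" &
    child=$!
    status=0
    wait "$child" || status=$?
    # A trapped signal interrupts wait with a status >128 while the child may
    # still be shutting down; keep waiting until it has really exited.
    while [ "$status" -gt 128 ] && kill -0 "$child" 2>/dev/null; do
        status=0
        wait "$child" || status=$?
    done
    trap - TERM INT
    return "$status"
}

# Runs only when a command is given; with no arguments the file just defines
# the functions above.
if [ "$#" -gt 0 ]; then
    prepare
    supervise "$@"
    exit $?
fi
```

Because the wrapper returns only when the daemon does, a crash of the daemon still ends the CMD and stops the jail, which the `sleep` loop in rc.local would not do.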