Re: jail services in podman

In reply to: Dave Cottlehuber: "Re: jail services in podman"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Stephan Lichtenauer <sl-pub-lists_at_honeyguide.de>
Date: Sat, 04 Jan 2025 17:20:47 UTC

"Dave Cottlehuber" <dch@skunkwerks.at> writes:

> On Fri, 3 Jan 2025, at 19:42, JH Foo wrote:
>> Can you elaborate how CMD helps to determine (quote) minimal 
>> dependencies are for each daemon or service? What happens if I 
>> were to
>
> If you run a normal startup with /etc/rc then that container 
> will
> expect all the freebsd goodies - syslog, utx, cron, mailer, etc.
> It will be more familiar but also fatter.
>
> If you manually trim down the dependencies, *and* your 
> application
> permits it, you can choose just to run your minimal app. It will
> require experimentation.
>
>> configure the container to run off jail /etc/rc.conf services?
>
> If you do that, no issues, *but* the container will exit as soon 
> as rc.conf
> startup finished (as the ENTRYPOINT or CMD has completed). OCI 
> containers
> are not the same as jails in this respect, by default.
>

Pot and Potluck has similar (even though not OCI compatible) 
capabilities.

You can look at the *-nomad images at 
https://github.com/bsdpot/potluck to get an idea how jails without 
starting a fully fledged FreeBSD jail with rc can look like.

Stephan