[PATCH FOR REVIEW] Implementation of skeleton jail

Ruslan Ermilov ru at FreeBSD.org
Sat May 20 01:01:50 PDT 2006


On Sat, May 20, 2006 at 03:21:00PM +0800, Xin LI wrote:
> Hi, folks,
> 
> Here is an implementation of what I call it "skeleton jail".  The idea
> is that it is more or less to be common that we do not want to actually
> copy of the base system (sometimes even other stuff) across zillions of
> jails.
> 
> The skeleton jail is an approach that makes management of such jails
> easier, by making use of mount_nullfs(8) to make read-only shadow or
> read-write shadow from the so-called "skeleton root".
> 
> For instance, by default the skeleton jail would mount the following
> directories from the skeleton root (/) to the jail:
> 
> bin          -> ${_root}/bin
> sbin         -> ${_root}/sbin
> lib          -> ${_root}/lib
> libexec      -> ${_root}/libexec
> usr/bin      -> ${_root}/usr/bin
> usr/sbin     -> ${_root}/usr/sbin
> usr/include  -> ${_root}/usr/include
> usr/lib      -> ${_root}/usr/lib
> usr/libdata  -> ${_root}/usr/libdata
> usr/libexec  -> ${_root}/usr/libexec
> usr/sbin     -> ${_root}/sbin
> usr/share    -> ${_root}/share
> 
> In order to create the environment that is suitable for the skeleton
> jail (say, create the directory hierarchy, populate the /etc/ stuff,
> etc, but not the actual installworld), I have added a new target
> "installskel" to src/Makefile which will help the work.
> 
You really don't want the new "installskel" target, instead please use
the existing "distrib-dirs" and "distribution" targets from src/Makefile.


Cheers,
-- 
Ruslan Ermilov
ru at FreeBSD.org
FreeBSD committer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-rc/attachments/20060520/b98e2e15/attachment.pgp


More information about the freebsd-rc mailing list