On 2014-07-29 17:44, Warren Block wrote: > This is tangential to my earlier changes to mergemaster. > > I'm working on an ezjail addition for the Handbook. The update section > shows both source and binary updates. > > For source, ezjail-admin update -b on the host does a > buildworld;installworld on the basejail. > > For binary, ezjail-admin update -r on the host uses freebsd-update to > update the basejail. > > mergemaster is used after either on a real machine. By default, the > ezjail basejail does not even have a copy of the source, making running > mergemaster from inside the jail a bit difficult. > > What process for running mergemaster should I suggest? Maybe different > ones for trusted and untrusted jails? > > The host can update trusted jails: > mergmaster -U -D /usr/jails/jailname > > (It might not be safe to consider any jail "trusted".) > > The untrusted procedure is a lot fuzzier to me. Mount /usr/src on the > basejail, then only run mergemaster from inside the jails? Is there a > good way? Or a standard way? > > As with other things for the Handbook, we should be showing best > practices. What is the best practice for mergemaster on any random > jail, trying to conserve disk space as much as is safely possible? > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
This will mount /usr/src into the basejail read-only: mount -t nullfs -o ro /usr/src /usr/jails/basejail/usr/src -- Allan Jude
signature.asc
Description: OpenPGP digital signature
