Am 09.11.20 um 00:40 schrieb Tatsuki Makino:
I think you need to rewrite all the files under /etc that have /usr/local in them. For example, ldconfig_paths in /etc/rc.conf.
I have committed that change a few days ago, and it was heavily disputed by those who think that there never should be a path other than /usr/local used for LOCALBASE.
Perhaps we need to apply it to both host and jail.
It is in -CURRENT and I could MFC to -STABLE, but it will take some time to arrive in a release (with 12.2 just finished).
If the shell of the user root of a jail is csh, the PATH of /root/.cshrc in jail may also be relevant.
There are a number of files that need to be adjusted if LOCALBASE is not /usr/local, and I'm willing to put proposed patches up for review and commit them if accepted.
In addition, /root/.profile is another file that defines the PATH.
Yes, and there are many more.
I have added _PATH_LOCALBASE to /usr/include/paths.h in -CURRENT
to be picked up by binaries.
There already is ${LOCALBASE} in the Makefile in /usr/src and it
is used in some isolated parts of the tree to support a LOCALBASE
other than /usr/local.
But /usr/local has been hard-coded in FreeBSD for decades (not in
many files and binaries, but in some critical ones) and it takes
effort to make this a parameter that can be easily adjusted.
But there are down-sides: Making this parameter variable can lead
to security issues, since an attacker might be able to circumvent
policy restrictions and authorization checks.
I'm all for making it easy to build a system for another value of
LOCALBASE, but I'm not convinced that being able to choose another
value at run-time is worth the vulnerabilities this may create.
However, when you do all that, it's already a different OS distribution than FreeBSD, isn't it :) ?
No, I don't think so. It is still FreeBSD, but you have to understand that it is FreeBSD without pre-built packages, since most of them can be built for a different LOCALBASE (but not all!) but the official packages won't run (need a re-compile). This may change if packages start to use the proposed getlocalbase() function to construct paths at run-time. Other files provided by a port need to be patched at install time (may apply to configuration files rc scripts, ...) Making FreeBSD friendly to environments that have a need for another LOCALBASE than /usr/local will take a lot of effort and contributions are welcome, as long as they do not cause issues for the large majority that will continue to use the default of /usr/local. Regards, STefan
OpenPGP_signature
Description: OpenPGP digital signature
