Tinderbox inside a jail
Dmitry Marakasov
amdmi3 at amdmi3.ru
Tue Jul 21 20:36:23 EDT 2009
* Terry Sposato (tinderbox at comtron.com.au) wrote:
> I am very new to the Tinderbox game and am wondering if it is possible
> to have Tinderbox run within a Jail.
I've tried to do this once, but then just dropped it. My current
tinderbox is running partially in a jail. That is, lighttpd and mysql
are jailed, but tinderd and thus actual builds are ran in a plain
chroot to the same path as jail. That works pretty good.
As far as I remember, you'll need to set:
security.jail.enforce_statfs=0,
security.jail.mount_allowed=1
If you use nullfs, you'll also need to patch kernel to mark nullfs
`jail-friendly' (or else you'll not be able to mount it from jail
even with above sysctl settings).
Unfortunately I do not remember whether I've just decided that these
settings leave no sence in using jails as they're (all jails in
the system, also) basically turned into something closer to a mere
chroot, or there were more problems I could not overcome.
I believe upcoming 8.0 with hierarchical jails will be much more
suitable for this.
--
Dmitry Marakasov . 55B5 0596 FF1E 8D84 5F56 9510 D35A 80DD F9D2 F77D
amdmi3 at amdmi3.ru ..: jabber: amdmi3 at jabber.ru http://www.amdmi3.ru
More information about the tinderbox-list
mailing list