From owner-freebsd-questions@FreeBSD.ORG Fri Aug 28 10:45:21 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C351A1065670 for ; Fri, 28 Aug 2009 10:45:21 +0000 (UTC) (envelope-from mail25@bzerk.org) Received: from ei.bzerk.org (tunnel490.ipv6.xs4all.nl [IPv6:2001:888:10:1ea::2]) by mx1.freebsd.org (Postfix) with ESMTP id 350F48FC08 for ; Fri, 28 Aug 2009 10:45:21 +0000 (UTC) Received: from ei.bzerk.org (BOFH@localhost [127.0.0.1]) by ei.bzerk.org (8.14.2/8.14.2) with ESMTP id n7SAjG85030364; Fri, 28 Aug 2009 12:45:16 +0200 (CEST) (envelope-from mail25@bzerk.org) Received: (from bulk@localhost) by ei.bzerk.org (8.14.2/8.14.2/Submit) id n7SAjGQW030363; Fri, 28 Aug 2009 12:45:16 +0200 (CEST) (envelope-from mail25@bzerk.org) Date: Fri, 28 Aug 2009 12:45:16 +0200 From: Ruben de Groot To: APseudoUtopia Message-ID: <20090828104516.GB30068@ei.bzerk.org> Mail-Followup-To: Ruben de Groot , APseudoUtopia , freebsd-questions@freebsd.org References: <27ade5280908261959q39aeab15ta300048b861a50f7@mail.gmail.com> <6201873e0908262010n1f554fa6p88895ee4641a5620@mail.gmail.com> <200908271135.13045.erich@apsara.com.sg> <27ade5280908270713g5710797xadb07b5055158808@mail.gmail.com> <6201873e0908270803k639b4742w1211d686607f7e9@mail.gmail.com> <27ade5280908270928s256bed30s2cc75587b22577b1@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <27ade5280908270928s256bed30s2cc75587b22577b1@mail.gmail.com> User-Agent: Mutt/1.4.2.3i X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on ei.bzerk.org X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.0.1 (ei.bzerk.org [127.0.0.1]); Fri, 28 Aug 2009 12:45:20 +0200 (CEST) Cc: freebsd-questions@freebsd.org Subject: Re: Information on Setting up a Jailed Webserver X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Aug 2009 10:45:21 -0000 On Thu, Aug 27, 2009 at 12:28:26PM -0400, APseudoUtopia typed: > Two more questions then I should be ready to go with my jail(s). > > In order to minimize the HDD space of the jail, can I add things in my > src.conf such as > WITHOUT_BOOT, WITHOUT_ACPI, WITHOUT_PF? Yes you can. Another option is to use read only nullfs mounts for e.g. /usr, /lib, /sbin/ /bin to populate the jail. That will cost you no HDD space at all. The ezjail port, allready mentioned, can more or less automate this. > I do use pf on the host system, but it isn't needed inside the jail as > well, correct? Rather, it's not possible to use inside a standard (non-vimage) jail. There's only one network stack. > Also, is it possible to compile a port (specifically nginx) inside the > host, then simply cp it into the jail and run it? I'd like to do this > to avoid installing a compiler into the jail itself. make package-recursive Ruben > Thanks again for the help. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"