Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 25 Aug 2020 13:50:26 -0700
From:      David Christensen <dpchrist@holgerdanske.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Jail question: packages with relative symlinks
Message-ID:  <24d244da-43e4-9a5e-e940-3f183bc5a50e@holgerdanske.com>
In-Reply-To: <f3636f36-b6ce-3e8a-878a-bf8d5f75144d@kicp.uchicago.edu>
References:  <f3636f36-b6ce-3e8a-878a-bf8d5f75144d@kicp.uchicago.edu>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 2020-08-25 09:51, Valeri Galtsev wrote:
> Dear Experts,
> 
> I've got question about jails, namely, what do you do if some package 
> you install in jail brings relative symlink(s)?
> 
> I install jails "by the book" and if relative symlinks are in 
> /usr/local, there is no problem with those, as in jail an equivalent of 
> /usr/local is
> 
> /s/usr-local
> 
> and the depth is the same as on real system. However, /etc in jail is
> 
> /s/etc
> 
> and if package brings relative symlink to /etc, in jail it will point 
> nowhere. I just resolved this failure for package ca_root_nss in jail. 
> This package places in
> 
> /etc/ssl
> 
> relative symlink:
> 
> cert.pem --> ../../usr/local/share/certs/ca-root-nss.crt
> 
> In jail, however it is situated in
> 
> /s/etc/ssl
> 
> so the above relative symlink points nowhere. I did a "trivial" thing, 
> just replaced relative symlink with absolute one:
> 
> cert.pem --> /usr/local/share/certs/ca-root-nss.crt
> 
> ,and as this symlink is owned by the package ca_root_nss, I locked that 
> package, to prevent it from "automagically" replacing symlink with 
> relative if updated package is installed.
>
> This is kind of crude solution, standing next to the "hack", so I do not 
> like what I did.
> 
> 
> I wonder, how jail experts deal with relative symlinks when some package 
> brings it into place where filesystem depth in jail is different from 
> real system.
> 
> 
> Thanks.
> Valeri

I am no jail expert, but AIUI jails include chroot(8) functionality. 
So, all paths used within a jail will be resolved within the jailed tree.


If you log in to the jail as root and install your software from there, 
it should just work.


David


p.s. Lucas wrote some good books that cover jails:

[1] https://mwl.io/nonfiction/os#af3e

[2] https://mwl.io/nonfiction/os#fmjail

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?24d244da-43e4-9a5e-e940-3f183bc5a50e>