FreeBSD: Mount /usr/ports Inside Jail

Q. I’d like to save disk space for my FreeBSD 7 ISP server. We run webserver, nameserver from various jails under powerful HP RAID 10 server. How do I export /usr/ports from host to each jail hosted on /jail/ volume such as /jail/www, /jail/ns, /jail/sql etc?

A. Use the mount_nullfs command. It creates a null layer that duplicates a sub-tree of the file system namespace under another part of the global file system namespace, so existing files and directories can be accessed through a different pathname. Run this command on the host, outside the jail.


Option #1: Mount ports in read write mode

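Log in as root on the host and type the following commands. They use Bourne shell (sh) syntax, so start sh first if root's login shell is csh or tcsh: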
# D=/jail/www
# mkdir -p $D/usr/ports
# mount_nullfs /usr/ports $D/usr/ports
# mount | sort

Now log in to the jail called www (jail id # 10):
# jls
# jexec 10 sh

Try to install apache22:
# cd /usr/ports
# cd www/apache22
# make install clean

Option #2: Mount ports in read only mode

As suggested by reader Mel, you can mount the ports tree in read-only mode. This helps preserve ports tree integrity in the long run, since no jail can modify the shared tree.
# D=/jail/www
# mkdir -p $D/usr/ports
# mount_nullfs -o ro /usr/ports $D/usr/ports

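Mount the host's distfiles directory in read-write mode at /var/ports/distfiles inside the jail, matching the DISTDIR setting below:
# mkdir -p $D/var/ports/distfiles
# mount_nullfs -o rw /usr/ports/distfiles $D/var/ports/distfiles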

Now install port called php5:
# cd /usr/ports/lang/php5
# make install clean WRKDIRPREFIX=/tmp

You need to set WRKDIRPREFIX because the ports tree is mounted in read-only mode. WRKDIRPREFIX specifies where to create any temporary files. To make the settings permanent, set WRKDIRPREFIX and the related variables in the /etc/make.conf file as follows:

WRKDIRPREFIX=           /var/ports
DISTDIR=                /var/ports/distfiles
PACKAGES=               /var/ports/packages

Where,

  • WRKDIRPREFIX : Where to create any temporary files.
  • DISTDIR : Where to find/put distfiles.
  • PACKAGES : Used only for the package target; the base directory for the packages tree, normally packages/ in PORTSDIR.

You can create those directories with the following mkdir command (written without brace expansion so that it also works in sh):
# mkdir -p /var/ports/packages /var/ports/distfiles
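A check for the two options above, as an added example that is not part of the original article: it reads `mount` output and flags any nullfs mount inside a jail that is writable, other than the distfiles directory. The `mount` lines are constructed samples, and the function names and the OK/WARN policy are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article): audit nullfs mounts under a
# jail root, reading FreeBSD `mount` output on stdin.

# Constructed sample of `mount` output; paths follow the article's layout.
sample_mounts() {
    cat <<'EOF'
/dev/da0s1a on / (ufs, local)
devfs on /jail/www/dev (devfs, local)
/usr/ports on /jail/www/usr/ports (nullfs, local, read-only)
/usr/ports/distfiles on /jail/www/var/ports/distfiles (nullfs, local)
/usr/ports on /jail/ns/usr/ports (nullfs, local)
EOF
}

# audit_nullfs JAILROOT
# Prints "STATUS MODE SOURCE TARGET" for every nullfs mount below JAILROOT.
# Assumed policy (Option #2): a writable mount is OK only for distfiles.
audit_nullfs() {
    awk -v root="$1" '
    BEGIN { sub(/\/$/, "", root) }              # tolerate a trailing slash
    {
        i = index($0, " on "); j = index($0, " (")
        if (i == 0 || j <= i) next              # not a mount line
        src  = substr($0, 1, i - 1)
        tgt  = substr($0, i + 4, j - i - 4)
        opts = substr($0, j + 2); sub(/\)$/, "", opts)
        split(opts, o, ", ")
        if (o[1] != "nullfs") next              # only nullfs layers
        if (index(tgt, root "/") != 1) next     # only mounts inside JAILROOT
        mode = index(", " opts ",", ", read-only,") ? "ro" : "rw"
        status = (mode == "ro" || src ~ /\/distfiles$/) ? "OK" : "WARN"
        print status, mode, src, tgt
    }'
}

# On a FreeBSD host: mount | audit_nullfs /jail
sample_mounts | audit_nullfs /jail
```

A WARN line means that jail can modify the ports tree shared with the host and every other jail; remounting it with -o ro as in Option #2 clears the warning.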

Further readings

  • man page ports, make

7 comments
  • Mel Oct 5, 2008 @ 21:57

    It’s better to mount read-only, so you don’t make changes to the ports in either, both or neither. Secondly, you don’t get to deal with the port’s cookies (${WRKDIR}/.*_done) when you build port foo in either.

    Setting:
    DISTDIR
    WRKDIRPREFIX

    to a jail writeable directory is required.

    I myself use:
    mkdir $D/var/distfiles
    mount -t nullfs -o rw /usr/ports/distfiles $D/var/distfiles

  • 🐧 nixCraft Oct 6, 2008 @ 6:56

    Nice tips. Thanks for sharing with us. The FAQ has been updated to incorporate your view.

  • SIFE Oct 5, 2010 @ 21:24

    I get this error:
    mount_nullfs: Operation not supported by device

    CO=/compat/i386/usr
    mount -t nullfs /usr $CO

    I try to mount in chroot environment.

  • SIFE Oct 5, 2010 @ 21:25

    I forget to add output of error:

    mount_nullfs: Operation not supported by device

  • SIFE Nov 24, 2010 @ 5:42

    I think we have first to load nullfs module then mount any specified directory in jail:

    #cd /usr/src/sys/modules/nullfs
    #make && make install clean
    #kldload nullfs
    #CO=/compat/i386/usr
    #mount -t nullfs /usr $CO

  • Amy Lichti May 15, 2014 @ 19:20

    When I type the first command D=/jail/www (of course with my directory) I get D=/jail/www Command not found.

    Can you please help me fix this.

    thank you,
    Amy

  • Uwe Trenkner Jul 3, 2014 @ 7:34

    Thanks for this (old) post – it just helped me set up my jails!

    Two minor things:
    You suggest to create those directory with the following make command:
    # mkdir -p /var/ports/{packages,distfiles}

    However, whether or not this command works, depends on your current shell. It does work for tcsh but not for sh.

    And there is a small mistake in option #2:

    Here you use the directory /var/distfiles
    Mount /var/distfiles in read-write mode:
    # mkdir $D/var/distfiles
    # mount_nullfs -o rw /usr/ports/distfiles $D/var/distfiles

    But later you suggest to put this into /etc/make.conf:
    DISTDIR= /var/ports/distfiles
