skill(freebsd): sharpen thin-jail detection caveat
The per-jail 'pkg info -e FreeBSD-runtime' detection is reliable for thick jails (independent base) but may be empty or error on thin jails — a thin jail has no independent pkg-managed base; its method follows the release template it was bootstrapped from, and it's upgraded at the template level, not per-jail.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
parent 1b6e11775f
commit 6b39929fb5
1 changed files with 7 additions and 2 deletions
@ -112,8 +112,13 @@ tolerated, but move them up for consistency + security). OSA uses **Bastille**
- **Thin jail** — a clone/overlay of a bootstrapped release template. Bootstrap
the new release once, then bring each thin jail up off it.
Each jail's base is managed the same two ways as the host — detect per jail:
`bastille cmd <jail> pkg info -e FreeBSD-runtime` (pkgbase) vs freebsd-update.
Each jail's base is managed pkgbase or freebsd-update. For a **thick** jail
(independent base) detect it directly:
`bastille cmd <jail> pkg info -e FreeBSD-runtime` (present = pkgbase). On a
**thin** jail this may be empty or error — a thin jail has no independent
pkg-managed base; its method follows the release **template** it was bootstrapped
from, and you upgrade it at the template level (re-bootstrap / re-clone or
`bastille upgrade`), not per-jail.
Bastille flow (confirm against the installed Bastille version + bootstrap method):
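Review bot: In the added thick/thin paragraph, "present = pkgbase" and "may be empty or error" describe output, but `pkg info -e` prints nothing and reports through its exit status (0 when the package is registered, non-zero otherwise). As written, a non-zero result on a thin jail looks the same as a thick jail on freebsd-update, so a reader can pick the wrong upgrade path and leave a jail's base unpatched. Suggest wording the check as "exit 0 = pkgbase", telling the reader to establish thick vs thin before running it, and saying where the base method of a thin jail's template should be checked instead. The closing parenthetical also lists "re-bootstrap / re-clone or `bastille upgrade`" without saying which of them applies to which base method.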