misc/97697: [PATCH] rc.conf - jail_<j>_exec_afterstart[0..n]
Deyan Dyankov
deyan.dyankov at gmail.com
Tue May 23 15:40:53 UTC 2006
>Number: 97697
>Category: misc
>Synopsis: [PATCH] rc.conf - jail_<j>_exec_afterstart[0..n]
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue May 23 15:40:18 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Deyan Dyankov
>Release: FreeBSD 6.1-STABLE
>Organization:
>Environment:
FreeBSD porky 6.1-STABLE FreeBSD 6.1-STABLE #1: Sat May 13 19:34:29 EEST 2006 root@:/usr/obj/usr/src/sys/PORKY i386
>Description:
A common patch - nothing unusual.
My situation: I have a jail (web) running lighttpd. If I want to start the jail using /etc/rc.conf I simply put:
jail_web_rootdir="/j/web"
jail_web_hostname="web"
jail_web_ip="aaa.bbb.ccc.ddd"
jail_web_exec_start="/w/sbin/lighttpd -f /w/conf/lighttpd.conf"
jail_web_exec_stop=""
jail_web_devfs_enable="YES"
jail_web_devfs_ruleset="webjail"
jail_web_mount_enable="NO"
But what happens if I want to run proftpd in the same jail? Yes - I could write a simple shell script like this one:
#!/bin/sh
/w/sbin/lighttpd -f /w/conf/lighttpd.conf
/proftpd/sbin/proftpd
and run the shell script with jail_web_exec_start=""
BUT! I don't want /bin/sh installed (for obvious security reasons). The jail contains only the required libraries for its services.
I've patched /usr/src/etc/rc.d/jail in order to allow constructions like:
jail_web_exec_afterstart0="/proftpd/sbin/proftpd"
jail_web_exec_afterstart1="..."
jail_web_exec_afterstart2="..."
...and so on.
Here's the patch - http://88.80.96.36/jail.diff - I hope it'll be useful.
Sorry if there's something missing or wrong - this is my first patch for FreeBSD.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
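Added example (not the submitter's patch, which is only linked above, and not FreeBSD's rc.d/jail code): a host-side sh sketch of how numbered jail_<j>_exec_afterstart[0..n] settings could be enumerated and turned into jexec invocations, so that no /bin/sh is needed inside the jail. The function names collect_afterstart and plan_afterstart, the second and fourth commands, and the jail ID 7 are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample settings, as they would appear in /etc/rc.conf.
jail_web_exec_start="/w/sbin/lighttpd -f /w/conf/lighttpd.conf"
jail_web_exec_afterstart0="/proftpd/sbin/proftpd"
jail_web_exec_afterstart1="/w/sbin/example-daemon -c /w/conf/example.conf" # hypothetical
# Index 2 is deliberately unset, so index 3 must never be reached.
jail_web_exec_afterstart3="/w/sbin/never-run" # hypothetical

# Print the afterstart commands of jail $1, one per line, in index order,
# stopping at the first unset or empty index.
collect_afterstart() {
    _j=$1
    # The jail name is spliced into eval below: accept only characters that
    # are valid in a shell variable name, reject everything else.
    case $_j in
        ''|*[!A-Za-z0-9_]*)
            echo "invalid jail name: $_j" >&2
            return 1 ;;
    esac
    _i=0
    while :; do
        eval "_cmd=\${jail_${_j}_exec_afterstart${_i}:-}"
        [ -n "$_cmd" ] || break
        printf '%s\n' "$_cmd"
        _i=$((_i + 1))
    done
}

# Dry run: print the jexec command line the host would use for each entry.
# $1 = jail ID, $2 = jail name. The host shell does the word splitting; the
# binary is executed directly in the jail, with no shell inside it.
plan_afterstart() {
    collect_afterstart "$2" | while IFS= read -r _cmd; do
        printf 'jexec %s %s\n' "$1" "$_cmd"
    done
}

# Constructed jail ID 7; prints two jexec lines and nothing for index 3.
plan_afterstart 7 web
```

A gap in the numbering silently ends the list, so an rc script built this way should document that indexes must be contiguous starting at 0.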