rc.shutdown and jails

Ralf S. Engelschall rse+freebsd-hackers at FreeBSD.org
Sat Dec 11 04:54:49 PST 2004 

On Sat, Dec 11, 2004, Michal Belczyk wrote:

> On Sat, Dec 11, 2004 at 12:44:12AM -0800, Julian Elischer wrote:
> > Ralf S. Engelschall wrote:
> > >On Fri, Dec 10, 2004, Nielsen wrote:
> > >>Ralf S. Engelschall wrote:
> > >>
> > >>>Currently a "/etc/rc.d/jail stop" just kills all processes in the
> > >>>individual jails. If /etc/default/rc.conf's default way of booting the
> > >>>jails (jail_exec="/bin/sh /etc/rc") is used this is a rather crual
> > >>>approach IMHO. I think if the jail is booted through /etc/rc it also
> > >>>should be given the chance to shutdown via /etc/rc.shutdown. If then
> > >>>there are still processes remaining, the killall(1) is fine, of course.
> > >>>This way packages and other sub-systems have the chance to perform a
> > >>>graceful shutdown.
> > >>
> > >>Definitely a good plan. You just have to watch out for environment
> > >>variable leakage into the jail subsystem when using jexec. A minor
> > >>concern, perhaps.
> > >>[...]
> > >
> > >
> > >Ok, good point. I think running "env -i /usr/sbin/jexec" instead of
> > >just "jexec" is sufficient here because the rc.shutdown reinitializes
> > >at least PATH and HOME again and the remaining variables should be not
> > >needed for the procedure.
> >
> > I think we should introduce an "init" process for jails..
> >
> > It would be responsible for all that the normal init is responsible for
> > except for being the default parent.. (some might argue for that too).
> > Sending it a particular signal would notify it to
> > send shutdown signals to all its compatriots in the jail etc.
>
> That's what Nielsen's jailer or my kjailer(*) do. Just set jail_blah_exec
> to point it.
>
> (*) http://www.bsd.krakow.pl/kjailer.tbz

Ok, I think we have two issues here:

1. The rc mechanism should be improved to better support the
   automatic starting and stopping of jails. This is what
   I currently try to address here as the first step.

2. The jail controlling through an init-style process is
   a reasonable addon functionality. This is what jailer and kjailer try
   to address and which is the foundation of a program which IMHO in the
   long term should be added to the base system, too.

Point (2) depends on (1), I think. Hence I suggest the following
improved change which already plays nicely according to my tests with
both plain rc/rc.shutdown-based jails and kjailer-based jails:

   http://people.freebsd.org/~rse/work/jail-startstop.txt

Further feedback on this change is desired...

--
rse at FreeBSD.org                        Ralf S. Engelschall
FreeBSD.org/~rse                       rse at engelschall.com
FreeBSD committer                      www.engelschall.com

More information about the freebsd-hackers mailing list