Switching /etc/rc.d/jail to new syntax (+ new features)

Alexander Leidinger Alexander at Leidinger.net
Sat Jul 4 06:35:37 UTC 2009


Quoting Jamie Gritton <jamie at FreeBSD.org> (from Mon, 29 Jun 2009 11:30:49 -0600):

> Alexander Leidinger wrote:
>
>>>>>> at http://www.leidinger.net/FreeBSD/current-patches/jail.diff I
>>>>>> have a patch to switch the jail rc script to the new jail
>>>>>> (8-current) syntax. This includes new config options for a jail
>>>>>> (see etc/defaults/rc.conf after patching). The patch also contains
>>>>>> my X-in-a-jail stuff (feel free to ignore this part, it's disabled
>>>>>> by default).
>>>>>>
>>>>>> If you do not make any config change, you will be able to see all
>>>>>> mounted filesystems of the entire machine. To get back to the
>>>>>> previous behavior, you have to add a config option:
>>>>>> jail_XXX_startparams="enforce_statfs=2"
>>>>>>
>>>>>> This config option can also take other jail parameters like
>>>>>> allow.sysvipc and other ones described in the jail man-page
>>>>>> (additional parameters need to be space separated).
>>>>>>
>>>>>> Feedback welcome.
>>>>>>
>>>>> 1) it breaks various things that will no longer work
>>>>>
>>>> As mentioned, it "breaks" the statfs part. If there's anything
>>>> else, be more specific please.
>>>>
>>> v6, noIP, ...
>>>
>>
>> I didn't change the IP handling in the rc script. Does this mean
>> jail(8) works differently regarding the address parsing when called
>> with the new parameters instead of the old options?
>>
>> I didn't test anything regarding ipv6, but as long as jail(8) doesn't
>> behave differently with the new calling syntax compared with what we
>> have in the tree, then the behavior is not different from what we have.
>> If it behaves differently, this can be fixed in the script.
>>
>
> There is a difference.  Under the old options, IPv4 and IPv6 addresses
> are mixed into the single fixed argument, and then are parsed to
> determine which kind they are - both by jail(8) and rc.d/jail.  Under
> the new parameter-based command line, IPv4 addresses and IPv6
> addresses go with ip4.addr and ip6.addr respectively.

But why are my jails (with only one ipv4 address) starting correctly then?

> The rc.d/jail code that brings up addresses on an interface can be modified
> to decide which argument the address goes with.
>
> I've given Bjoern a patch based on yours that handles this as well as
> the allow.* sysctls (though I missed the statfs part).

Do you mind making it available somewhere?

Bye,
Alexander.

-- 
BOFH excuse #265:

The mouse escaped

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137
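
The address split discussed in this message, as an added example that is not part of the original mail and is neither of the patches mentioned in the thread: a POSIX sh function that sorts an old-style mixed address list into ip4.addr and ip6.addr. The function name and the sample addresses are constructed, and entries are assumed to be bare addresses without interface or netmask parts.

```shell
#!/bin/sh
# Added example, not the rc.d/jail code or either patch from the thread.
# Splits an old-style mixed, comma-separated address list into the
# per-family parameters used by the new jail(8) command line.
# Assumption: entries are bare addresses (no interface or netmask parts).
# This only classifies by family; jail(8) still does the real parsing.

split_jail_addrs() {
    _list=$1
    _v4="" _v6="" _bad="" _err=0
    _oldifs=$IFS
    IFS=,
    set -f                          # do not glob-expand list entries
    for _a in $_list; do
        case $_a in
            ""|*[!0-9A-Fa-f:.]*) _err=1; _bad=$_a; break ;; # empty or stray chars
            *:*)       _v6="${_v6:+$_v6,}$_a" ;;             # has a colon: IPv6
            *[!0-9.]*) _err=1; _bad=$_a; break ;;            # letters, no colon
            *.*.*.*)   _v4="${_v4:+$_v4,}$_a" ;;             # dotted quad: IPv4
            *)         _err=1; _bad=$_a; break ;;
        esac
    done
    set +f
    IFS=$_oldifs

    if [ "$_err" -ne 0 ]; then
        echo "split_jail_addrs: cannot classify '$_bad'" >&2
        return 1
    fi

    _out=""
    if [ -n "$_v4" ]; then _out="ip4.addr=$_v4"; fi
    if [ -n "$_v6" ]; then _out="${_out:+$_out }ip6.addr=$_v6"; fi
    printf '%s\n' "$_out"
}

# Constructed sample input (documentation address ranges). enforce_statfs=2
# is the startparams value quoted in the thread.
echo "$(split_jail_addrs '192.0.2.10,2001:db8::10,192.0.2.11') enforce_statfs=2"
```
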