Allowing meta-namespace in jail.conf

Dirk Engling erdgeist at erdgeist.org
Fri Oct 18 20:42:12 UTC 2013


Dear jail enthusiasts,

in order to move forward with my jail management project ezjail, and
make it support the new jail.conf way of managing jail configs, I need a
way to add properties to jails that are currently not in the list of
allowed parameters. I was thinking of something like

web-jail {
  name = 'www.test.com';
  meta.ezjail.imagetype = 'zfs';
  meta.ezjail.zfsdataset = 'tank/ezjail/www.test.com-data';
}

Alternatively, I could keep a shadow tree of config options and generate
jail configs on the fly, but that would mean not using the power of the
new jail config format. This can also lead to conflicting settings (e.g.
from wildcard jails or global options) and unexpected parts of the
system to look for configs.

Another issue is the complexity of the jail.conf format which makes it
hard to automatically manipulate entries. I've started working on a
parser/generator in shell, but wondered if there are any plans to add a
way to remove jail blocks (adding is easier) and add/modify/delete
parameters in jail blocks. Some standardized way to get the result from
jail(8)'s parser would of course be a nice start.

Any thoughts on that?

  erdgeist
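
Added example, not part of the original post and not ezjail or jail(8) code: a minimal Python reader for a subset of the jail.conf syntax (one-level blocks, `name = value;`, boolean parameters, quoted strings, comments) that separates the proposed `meta.` parameters from the rest. The `meta.` prefix is the post's proposal, the function names are hypothetical, `+=` is rejected rather than guessed at, and `$variables` are left unexpanded.

```python
import re

META_PREFIX = "meta."  # namespace proposed in the post; not a jail(8) feature
TOKEN = re.compile(r"""
    \s+ | \#[^\n]* | //[^\n]* | /\*.*?\*/            # whitespace and comments
  | (?P<str>"(?:\\.|[^"\\])*" | '(?:\\.|[^'\\])*')   # quoted string
  | (?P<op>[={};,])                                  # punctuation
  | (?P<word>[^\s={};,"'+]+)                         # bare word; '+=' is rejected
""", re.X | re.S)

def tokens(text):
    pos = 0
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"unexpected character at offset {pos}")
        pos, kind, val = m.end(), m.lastgroup, m.group()
        if kind:  # None for whitespace and comments
            yield kind, re.sub(r"\\(.)", r"\1", val[1:-1]) if kind == "str" else val

def store(jail, stmt):
    if stmt[0][0] == "op" or stmt[1:2] not in ([], [("op", "=")]):
        raise ValueError(f"malformed parameter: {stmt}")
    name = stmt[0][1]
    bucket = jail["meta" if name.startswith(META_PREFIX) else "params"]
    bucket[name] = [v for k, v in stmt[2:] if k != "op"]  # [] for booleans

def parse(text):  # -> {jail: {"params": {}, "meta": {}}}, global scope under ""
    jails, current, stmt = {"": {"params": {}, "meta": {}}}, "", []
    for tok in tokens(text):
        if tok == ("op", "{") and not current and len(stmt) == 1:
            current, stmt = stmt[0][1], []
            jails.setdefault(current, {"params": {}, "meta": {}})
        elif tok == ("op", "}") and current and not stmt:
            current = ""
        elif tok == ("op", ";") and stmt:
            store(jails[current], stmt)
            stmt = []
        elif tok[0] == "op" and tok[1] in "{};":
            raise ValueError(f"misplaced {tok[1]!r}")
        else:
            stmt.append(tok)
    if current or stmt:
        raise ValueError("unterminated block or parameter")
    return jails

SAMPLE = """exec.clean;  # constructed input; the block below is the one from the post
web-jail { name = 'www.test.com'; meta.ezjail.imagetype = 'zfs';
  meta.ezjail.zfsdataset = 'tank/ezjail/www.test.com-data'; }"""
```

A management tool built this way can keep its own keys in the same file and pass only the `params` side on to jail(8).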

