/etc/rc.d/jail using new-style jail command?
Fbsd8
fbsd8 at a1poweruser.com
Mon Jun 20 02:16:04 UTC 2011
Lars Kellogg-Stedman wrote:
> Hello all,
>
> I'm curious if there's been any work done to make /etc/rc.d/jail use
> the new-style jail command (jail -c path=... name=..., etc)...or if
> there's been any work done to create a replacement? There are three
> features I would love to see in the stock version that I've had to
> implement myself:
>
> - The ability to reference jails by name. Passing the
> name=<jail_name> argument means that jails can be referenced by name
> when using, e.g., the jexec command, which is very convenient since
> jail ids aren't (normally) persistent.
>
> - The ability to create jails without starting them. The "persist"
> argument to the jail command is useful when attaching ZFS datasets to
> a jail. A ZFS dataset can't be attached until a JID has been
> allocated, but with the existing implementation the jail will
> probably have booted by the time you complete the ZFS assignment,
> which impacts services that may need access to the jail. There are
> workarounds (such as a busy-wait loop that checks for the filesystem),
> but creating the jail with no processes, attaching the datasets, and
> then starting the jail is much cleaner.
>
> - Somewhat more flexibility in setting up jail permissions (via the
> enforce_statfs and allow.* arguments).
>
> Before I spend too much time making my own local changes, I was
> wondering if there was anything I should be looking at. I've been
> using ezjail recently, but since it relies on the stock /etc/rc.d/jail
> to actually boot and configure jails it suffers from the same
> limitations.
>
> Thanks,
>
> -- Lars
>
>
Give the qjail port a try. It has the ability to reference jails by name
and create jails without starting them, though it does not use the
new-style jail command.
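
The persist-first sequence described in the quoted message (create the jail with no processes, attach the ZFS dataset, then start it), as an added example that is not part of the original thread or of the qjail port. The jail name web1, its path, the dataset and the enforce_statfs/allow.mount values are constructed for illustration; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed values: jail "web1",
# path /usr/jails/web1, dataset tank/jails/web1/data.

# Print the command when DRY_RUN=1 (the default here); otherwise run it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

start_jail_persist_first() {
    name=$1 root=$2 dataset=$3
    # The name is reused in later commands, so accept only a safe set.
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "invalid jail name" >&2; return 1 ;;
    esac

    # 1. Allocate the jail and its JID with no processes inside.
    #    enforce_statfs=1 shows the jail only mounts under its own root;
    #    allow.mount permits mounting inside the jail.
    run jail -c "name=$name" "path=$root" persist \
        enforce_statfs=1 allow.mount || return 1

    # 2. Look the JID up by name, then attach the dataset while the
    #    jail is still empty. jailed=on lets it be managed from inside.
    if [ "${DRY_RUN:-1}" = 1 ]; then
        jid="\$(jls -j $name jid)"
    else
        jid=$(jls -j "$name" jid) || return 1
    fi
    run zfs set jailed=on "$dataset" || return 1
    run zfs jail "$jid" "$dataset" || return 1

    # 3. Only now boot the jail's services, referenced by name.
    run jexec "$name" /bin/sh /etc/rc
}

start_jail_persist_first web1 /usr/jails/web1 tank/jails/web1/data
```

Set DRY_RUN=0 on a FreeBSD host, as root, to execute the commands instead of printing them.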