git: 13aa8b9d6d - main - Status/2025Q1/jailmeta.adoc: Add report
Date: Tue, 08 Apr 2025 12:02:02 UTC
The branch main has been updated by igoro:
URL: https://cgit.FreeBSD.org/doc/commit/?id=13aa8b9d6db47859eb80ffa6ba7aab2a6ca70c79
commit 13aa8b9d6db47859eb80ffa6ba7aab2a6ca70c79
Author: Igor Ostapenko <igoro@FreeBSD.org>
AuthorDate: 2025-04-08 12:00:47 +0000
Commit: Igor Ostapenko <igoro@FreeBSD.org>
CommitDate: 2025-04-08 12:00:47 +0000
Status/2025Q1/jailmeta.adoc: Add report
Reviewed by: salvadore
Sponsored by: SkunkWerks GmbH
Differential Revision: https://reviews.freebsd.org/D49586
---
.../en/status/report-2025-01-2025-03/jailmeta.adoc | 29 ++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/website/content/en/status/report-2025-01-2025-03/jailmeta.adoc b/website/content/en/status/report-2025-01-2025-03/jailmeta.adoc
new file mode 100644
index 0000000000..b87553624c
--- /dev/null
+++ b/website/content/en/status/report-2025-01-2025-03/jailmeta.adoc
@@ -0,0 +1,29 @@
+=== Jail metadata feature
+
+Links: +
+link:https://cgit.freebsd.org/src/commit/?id=30e6e008bc06385a66756bebb41676f4f9017eca[The main commit] URL: link:https://cgit.freebsd.org/src/commit/?id=30e6e008bc06385a66756bebb41676f4f9017eca[]
+
+Contact: Igor Ostapenko <igoro@FreeBSD.org> +
+Contact: Dave Cottlehuber <dch@FreeBSD.org>
+
+The `meta` and `env` new parameters of man:jail[8] have been introduced.
+Each one is an arbitrary string associated with a jail.
+It can be set upon jail creation or added/modified later:
+
+ # jail -cm ... meta="tag1=value1 tag2=value2" env="configuration"
+
+The values are not inherited from the parent jail.
+A parent jail can read both metadata parameters, while a child jail can read only `env` via the newly added `security.jail.env` sysctl.
+
+The maximum size of `meta` or `env` per jail is controlled by the global `security.jail.meta_maxbufsize` sysctl.
+Decreasing it does not alter the existing meta information.
+
+Each metadata buffer can optionally be handled as a set of `key=value\n` strings:
+
+ # jail -cm ... meta="$(echo k1=v1; echo k2=v2)" env.1=one
+ # jls meta.k2 env.1 meta.k1
+
+While `meta.k1=""` or `meta.k1=` resets the value to an empty string, the `meta.k1` without the equal sign removes the given key.
+The flua's libjail has been updated respectively to support the key-based handling.
+
+Sponsor: SkunkWerks GmbH
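Review bot: In the paragraph on `security.jail.meta_maxbufsize`, "Decreasing it does not alter the existing meta information" leaves it unclear whether values already set in `env` are preserved too, since the preceding sentence says the limit applies to `meta` or `env`; suggest wording such as "does not alter `meta` or `env` values that are already set". The paragraph on visibility says a child jail can read `env` through `security.jail.env` but not `meta`; because both are described as arbitrary strings, one more sentence stating that anything placed in `env` is readable from inside the jail would help readers choose the right parameter for data the jail should not see. Two wording points: "The `meta` and `env` new parameters" reads better as "The new `meta` and `env` parameters", and in the last paragraph "updated respectively" should be "updated accordingly".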