Re: jail.conf question (vnet.interface)

Reply: James Gritton : "Re: jail.conf question (vnet.interface)"
In reply to: James Gritton : "Re: jail.conf question (vnet.interface)"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Milan Obuch <freebsd-jail_at_dino.sk>
Date: Mon, 07 Jun 2021 07:04:31 UTC

On Sun, 06 Jun 2021 09:23:58 -0700, James Gritton <jamie@gritton.org>
wrote:

> On 2021-06-06 06:35, Milan Obuch wrote:
> > Hi,
> > 
> > for vnet jails, one needs to move some interface into created
> > virtual stack. In jail.conf, this could be achieved using
> > 
> > jail0
> >  {vnet;
> >   vnet.interface = re2;
> >  }
> > 
> > and initialize moved interface using standard /etc/rc.conf 
> > configuration
> > file in jail jail0.
> > 
> > Adding small paragraph about this in jail.conf man page would be
> > useful. I know it is in jail man page in some form, but it deserves
> > mentioning this in example section in jail.conf man page. At least,
> > this makes it easier to find for first comers :) (Well, that's not
> > me, I am using vnet jails aka VIMAGE from the start as an
> > experimental feature in FreeBSD 4 or 5, almost 20 years ago.)  
> 
> True, it would make sense to add a vnet example, since it's now
> included in the default kernel.
>

I looked once more, my suggestion would be just add another config
snippet into EXAMPLES section. Maybe something like my snippet above,
with comment pointing to jail(8) man page for more variables. While
this man page is mentioned in SEE ALSO section, it would be better to
make this link more prominent, along with simple example of vnet jail
usage.

> > I need more interfaces moved this way. It is no problem issue
> > manually
> > 
> > ifconfig re3 vnet jail0
> > 
> > but trying to write
> > 
> > jail0
> >  {vnet;
> >   vnet.interface = re2;
> >   vnet.interface = re3;
> >  }
> > 
> > in jail.conf means only re3 is moved and can be configured with
> > standard rc.conf config file. First instance (re2) is kind of
> > overwritten and forgotten.
> > 
> > Is it possible to move more interfaces this way at all? I'd like to
> > avoid any hacks if possible, and any workaround for this is ugly...
> >  
> 
> It's not possible to add more than one interface that way.  It would
> make sense for vnet.interface to be an array, so you could say have a
> comma-separated list or say "vnet.interface += re3".
>

Where is this functionality implemented (at least for ip4.addr list)?
Which file? Is it a script of some kind?

> Currently, anything more than one interface would need to be an
> ifconfig command added to "exec.created".
>

Thanks for notice. Just to be sure, for interested ones - such a command
is executed before anything else, namely /etc/rc from jail. I have some
special scenarion where I am not using /etc/rc in jail, just
exec.created.

Regards,
Milan