rc.d/jail and jail.conf

Jamie Gritton jamie at FreeBSD.org
Mon Apr 1 02:24:29 UTC 2013


On 03/31/13 20:01, Paul Schenkeveld wrote:
> On Sun, Mar 31, 2013 at 09:14:23PM +0200, Dirk Engling wrote:
>>
>> On Sun, 31 Mar 2013, Jamie Gritton wrote:
>>
>>> If you don't mind some slightly difficult error messages, you can always
>>> "disable" a jail with exec.prestart="false". jail(8) requires all
>>> commands to succeed, and in particular won't even create a jail when one
>>> of the prestart commands fails.
>>
>> This violates POLA, but failing with
>>
>> exec.prestart="echo skipping jail; exit 1"
>>
>> might work. Even though this is not a good marker from a scripting
>> perspective.
>
> Will this prevent all preparations from happening, i.e. will filesystems
> be mounted for jails disabled this way?

It will unroll anything that's been done, or at least try to. So
filesystems will be mounted, and then unmounted.

> Although this may work, I think that this looks dirty.  I'd really prefer
> a "disabled" or "noauto" keyword instead.

Oh it's definitely dirty - just something I threw out there as a hack.

- Jamie

