rc.d/jail and jail.conf

Miroslav Lachman 000.fbsd at quip.cz
Sun Mar 31 17:09:32 UTC 2013 

Jamie Gritton wrote:
> On 03/31/13 09:12, Miroslav Lachman wrote:
>> Jamie Gritton wrote:
>>> On 03/30/13 14:59, Dirk Engling wrote:
>>>> On Sat, 30 Mar 2013, Nicolas de Bari Embriz Garcia Rojas wrote:
>>>>
>>>>> If I am right you can define the order of start for jails in the
>>>>> jail2_list (rc.conf), something like:
>>>>>
>>>>> jail2_list="jail1 jail2"
>>>>
>>>> Thanks, I suppose it mimicks the way rc.d/jail has handled it. I just
>>>> wondered if there's a way to have this order automatically
>>>> determined by
>>>> a dependency graph, it's a minor request, though.
>>>
>>> jail(8) itself does the dependency graph. So the jail2 startup needs to
>>> run a single jail command instead of one for each jail.
>>
>> So it means jail2 should be fixed, because it runs
>> jail -c -i -J /var/run/jail_${_j}.id ${_j}
>> for each jail from jail2_list="jailA jailB"
>
> Yes it does.
>
>> Is there a way to disable jail defined in jail.conf? (to avoid
>> jail2_list in rc.conf)
>
> I'm not sure what you're asking. You want a jail in jail.conf that's not
> started up?

Yes, I am asking if there can be some variable or parametr in jail.conf 
for jail which we don't want to start by jail command, but leave its 
configuration in jail.conf.
I am not saying I need it right now, but I can imagine a scenario where 
it can be useful.

In the old style with rc.conf, we can have defined for example 5 jails 
(jailA to jailE) and then enabled only some of them to start at boot 
time by defining jail_list="jailA jailB jailC".

With syntax of new jail.conf one must delete or comment out the whole 
jailD and jailE definitions to stop loading them at boot time.
Am I right?

So is it possible to add some keyword to jail.conf jails definition? 
Something like "disabled" or "noautostart" or anything else...

      foo {
              disabled;
              host.hostname = "foo.com";
              ip4.addr = 10.1.1.1, 10.1.1.2, 10.1.1.3;
      }

Then one can easily disable jail "foo" without a need to remove its 
configuration.

>> And what happens if there is jail2_list="jailA jailB" in rc.conf and
>> jailB is defined in jail.conf as dependency of jailA? I guess rc.d/jail2
>> will try to start jailB again.
>> It will be started as dependency of jailA by first jail command starting
>> jailA.
>> Or new jail(8) doesn't start the "depend" jail automatically and just
>> check its existence?
>> I didn't try it yet.
>
> It will start jailB as part of starting jailA, and then it will try to
> start jailB again on its own. So yes, it needs work.

Thank you for explanation.

Miroslav Lachman

More information about the freebsd-jail mailing list