rc.d/jail and jail.conf

Miroslav Lachman 000.fbsd at quip.cz
Sun Mar 31 20:01:15 UTC 2013

Dirk Engling wrote:
> On 30.03.13 21:38, Miroslav Lachman wrote:
>> jail_myjail_flags="-l -U root -n myjail"
> When trying to pass my hostname (foo.com) as jailname like that,
> jail(8) will complain
>    jail: jail "foo" not found
> as it does not allow periods in the jailname. This seems like an
> unfortunate limitation, as I tend to name my jails after the fqdn they
> are being started as.
> FYI, the name=myjail form did not work, because rc.d/jail uses the
>    path hostname [ip[,...]] command ...
> synopsis of the jail command, which fails, if it sees name=value params.

I am sorry for misinforming you with name=myjail in rc.conf. I didn't try
it because I am using the old way with -n jailname on my older boxes and
I am planning to use the new syntax only with jail.conf (after the problem
with mounting of devfs is fixed).

> So I guess, I am out of luck here, because users used to think of their
> jails as what they saw in the hostname field on jls. If I am writing
> tools that use jail_getid to map the jailname to the jid, it will never
> match that hostname and I also can not copy the hostname to the jailname.
> Is there a reason for '.' being the only excluded character in the jailname?

I understand what you are talking about, but jails these days are
something different from what jails were at the beginning in the 4.x days,
and users must accept that the jailname is something different from the
hostname.

These days, you can have jails with many IP addresses or without an IP
address. The hostname needn't be unique, etc.

A dot (.) is not allowed in a jailname because of hierarchical jails, where
the dot is used as the hierarchy separator.

So the jailname foo.bar.baz means foo is the top-level jail, bar is its
child, and baz is a child in bar.

Plain jls without any options should be used just for backward
compatibility with old scripts, because its output is insufficient for
today's jails (only one IP is shown and no jailname).

jls -v or jls -s is better with new jails.

Miroslav Lachman
