rc.d/jail and jail.conf

Dirk Engling erdgeist at erdgeist.org
Sun Mar 31 20:58:37 UTC 2013

On 31.03.13 22:01, Miroslav Lachman wrote:

>> So I guess, I am out of luck here, because users used to think of their
>> jails as what they saw in the hostname field on jls. If I am writing
>> tools that use jail_getid to map the jailname to the jid, it will never
>> match that hostname and I also can not copy the hostname to the jailname.
> I understand what you are talking about, but jails in these days are
> something different from what jails were at the begining in 4.x days and
> users must accept that jailname is something different than hostname.

> In these days, you can have jails with many IP addresses or without IP
> address. Hostname needn't to be unique etc.
> Dot (.) is not allowed in jailname because of hierarchical jails,
> where dot is used as hierarchy separator.

Humm, this seems a strange thing to answer to my question. Once you see
jails as virtual servers (which I understand is not the only way to do,
but the biased way I and most jail users I talk to happen to deploy them
in huge quantities), the natural approach to name them is via their
hostname. I find it hard to grasp to tell them "don't" ;)

And still I find the choice of '.' as a separator unfortunate, '/'
springs in mind, but there might have been reasons.

I also understand that the hostname is not an unique identifier anymore,
still for many (if not most) setups the mapping is bijective.

My problem now is that referring to a jail (in a sense of virtual host)
becomes unintuitive. I want to do stuff with my vhost "example.com" but
have to call it "example" or "example_com". Even worse with
"www.example.com" which now needs to be an ambigous "www" or some other
mapping of '.' to something else.

If I want to write tools that accept intuitive jail identifiers, I would
have to implement heuristics that match the hostname once the identifier
contains '.' and I can't find a hierarchical jail with that name.

> Plain jls without any options should be used just for backward
> compatibility with old scripts, because its output is insufficient for
> todays jails. (only one IP is shown and no jailname)
> jls -v or jls -s is better with new jails.

Maybe it would be easier for me to understand if I knew, how those jails
"in these days" are supposed to work, what the overall vision is for
users to integrate them in their workflow. Besides a wish list that
doubles as todo list in


and an attempted handbook section rewrite, there seems to be little in
that regard. Maybe I just missed out on the discussions or could not
find the relevant documents?

Maybe meeting at a BSDcon over a beer would help ;)



More information about the freebsd-jail mailing list