/etc/rc.d/jail using new-style jail command?

Lars Kellogg-Stedman lars at oddbit.com
Sat Jun 18 18:28:38 UTC 2011


Hello all,

I'm curious if there's been any work done to make /etc/rc.d/jail use
the new-style jail command (jail -c path=... name=..., etc)...or if
there's been any work done to create a replacement?  There are three
features I would love to see in the stock version that I've had to
implement myself:

- The ability to reference jails by name.  Passing the
name=<jail_name> argument means that jails can be referenced by name
when using, e.g., the jexec command, which is very convenient since
jail ids aren't (normally) persistent.

- The ability to create jails without starting them.  The "persist"
argument to the jail command is useful when attaching ZFS datasets to
a jail.  A ZFS dataset can't be attached until a JID has been
allocated, but with the existing implementation the jail will
probably have booted by the time you complete the ZFS assignment,
which impacts services that may need access to the jail.  There are
workarounds (such as a busy-wait loop that checks for the filesystem),
but creating the jail with no processes, attaching the datasets, and
then starting the jail is much cleaner.

- Somewhat more flexibility in setting up jail permissions (via the
enforce_statfs and allow.* arguments).

Before I spend too much time making my own local changes, I was
wondering if there was anything I should be looking at.  I've been
using ezjail recently, but since it relies on the stock /etc/rc.d/jail
to actually boot and configure jails it suffers from the same
limitations.

Thanks,

-- Lars
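
The create, attach, then start ordering described in the message above, as an added example that is not part of the original post or of /etc/rc.d/jail. The jail name, root path and dataset are placeholders, the `run` helper and `DRY_RUN` switch are hypothetical, and `allow.mount.zfs` assumes a FreeBSD release that provides it.

```shell
#!/bin/sh
# Added example; jail name, root path and dataset are placeholders.
# DRY_RUN=1 (the default here) prints each command instead of running it.
: "${DRY_RUN:=1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# start_jail_with_zfs NAME ROOT DATASET
start_jail_with_zfs() {
    name=$1 root=$2 dataset=$3

    # The name ends up in several command lines; this example accepts
    # only a conservative character set.
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "bad jail name: $name" >&2; return 64 ;;
    esac

    # 1. Allocate the jail (and its JID) with no processes in it.
    #    allow.mount.zfs assumes a release that has this parameter.
    run jail -c name="$name" path="$root" host.hostname="$name" persist \
        enforce_statfs=1 allow.mount allow.mount.zfs || return 1

    # 2. Attach the dataset while nothing is running inside the jail.
    if ! { run zfs set jailed=on "$dataset" &&
           run zfs jail "$name" "$dataset"; }; then
        run jail -r "$name"    # no half-configured jail left behind
        return 1
    fi

    # 3. Boot the jail's userland only now.
    run jexec "$name" /bin/sh /etc/rc || return 1

    # 4. Clear persist so the jail goes away when its last process exits.
    run jail -m name="$name" nopersist
}
```

With `DRY_RUN=0` the same function executes the commands as root on the FreeBSD host; the dry run shows the exact sequence first.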


More information about the freebsd-questions mailing list