setting MIBs on a per jail basis
h.schmalzbauer at omnilan.de
Thu Feb 14 13:18:43 UTC 2013
Fbsd8 wrote on 06.02.2013 17:57 (localtime):
> Fleuriot Damien wrote:
>> Running 8.3 here and the answer is no.
>> On Feb 6, 2013, at 5:39 PM, Fbsd8 <fbsd8 at a1poweruser.com> wrote:
>>> Is there a way to set these MIBs
>>> on a per jail basis?
> Rereading the "man jail" for 9.1 talks about securelevel as a jail
> parameter. So correct me if I am wrong. All the security.jail.param.*
> MIBs are set in rc.conf or /etc/jail.conf file on a per jail basis by
> changing the word "param" to the jailname?
This applies to jail.conf(5).
That's an entirely new way to handle jails in FreeBSD 9.1. Very nice, but
not included in rc.d.
If you want to keep the traditional way of running jails, I made a patch
some time ago to control more per-jail tunables.
Here you can download it for -9:
That also irons out some IP configuration cosmetics, see defaults/rc.conf.
If you want to give the new jail(8) and jail.conf capabilities a try,
here's how I use it with vnet (vimage, virtual per-jail network stack):
Compile a kernel with "options VIMAGE"
Remove "# keyword nojail" in the jail's etc/rc.d/netif and routing (if you
want to set IP addresses inside the jail)
And here's the corresponding jail.conf:
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown && sleep 2";
# Dynamic wildcard parameter:
# Base the path off the jail name.
path = "/.jail.$name";
name = "inno";
# host.hostname = .your hostname.net"; but also set inside the jail along with network setup
vnet = "new";
vnet.interface = "jbb$name";
You can add "allow.raw_sockets" anywhere.
But with vnet, you don't need that any more.
Just to point you in the right direction.