setting MIBs on a per-jail basis

Harald Schmalzbauer h.schmalzbauer at
Thu Feb 14 13:18:43 UTC 2013

 Fbsd8 wrote on 06.02.2013 17:57 (localtime):
> Fleuriot Damien wrote:
>> Running 8.3 here and the answer is no.
>> On Feb 6, 2013, at 5:39 PM, Fbsd8 <fbsd8 at> wrote:
>>> Is there a way to set these MIBs
>>> on a per-jail basis?
>>> allow.mount.nullfs
>>> allow.raw_sockets
>>> securelevel
> Rereading the "man jail" for 9.1 talks about securelevel as a jail
> parameter. So correct me if I am wrong. All the security.jail.param.*
> MIBs are set in rc.conf or the /etc/jail.conf file on a per-jail basis by
> changing the word "param" to the jail name?

This applies to jail.conf(5).
That's an entirely new way to handle jails in FreeBSD 9.1. Very nice, but
not included in rc.d.

If you want to keep the traditional way of running jails, I made a patch
some time ago to control more per-jail tunables.
Here you can download it for -9:
That also irons out some IP configuration cosmetics, see defaults/rc.conf.

If you want to give the new jail(8) and jail.conf capabilities a try,
here's how I use it with vnet (vimage, the virtual per-jail network stack):
Compile a kernel with "options VIMAGE", and
remove "# keyword nojail" in the jail's etc/rc.d/netif and routing (if you
want to set IP addresses inside the jail).

And here's the corresponding jail.conf:
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown && sleep 2";

# Dynamic wildcard parameter:
# Base the path off the jail name.
path = "/.jail.$name";

yourname {
        name = "inno";
#       host.hostname = .your";  (but also set inside the jail along with
#       the network setup)
        vnet = "new";
        vnet.interface = "jbb$name";
}

You can add "allow.raw_sockets" anywhere.
But with vnet, you don't need that any more.
Just to point you in the right direction.
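As an added illustration (not from Harald's message and not from the FreeBSD sources), here is a complete jail.conf(5) that answers the original question directly: the parameters the thread asks about (securelevel, allow.raw_sockets, allow.mount.nullfs) set globally as defaults and then overridden per jail, next to a vnet jail in the style shown above. Hostnames, paths, addresses and the interface name em0 are assumptions; allow.mount.nullfs is only accepted on releases whose jail(8) lists it.

```conf
# Added example jail.conf(5); not part of the original message or of
# FreeBSD itself. Domain, addresses, paths and NIC name are assumed.
#
# Parameters outside a block are defaults for every jail; a block
# overrides them for that one jail, which is exactly the per-jail
# setting the thread asks about.

exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;

# Restrictive defaults: no raw sockets, no mounts from inside a jail,
# and the jail's path/hostname derived from its name.
allow.raw_sockets = 0;
allow.mount = 0;
path = "/.jail.$name";
host.hostname = "$name.example.org";   # assumed domain

# Traditional (non-vnet) jail: shares the host's network stack, so it
# only sees the alias that jail(8) adds to em0 on start.
# securelevel here applies to this jail only; a jail can never have a
# LOWER securelevel than the host, and the value can only be raised,
# never lowered, while the jail runs.
web {
        interface = "em0";          # assumed host NIC
        ip4.addr = 192.0.2.10;      # assumed; alias added on start
        securelevel = 3;
}

# Build jail that needs nullfs mounts of a shared source tree: enable
# only that mount type. allow.mount.nullfs is effective only together
# with allow.mount and with enforce_statfs below 2.
build {
        interface = "em0";
        ip4.addr = 192.0.2.11;
        allow.mount = 1;
        allow.mount.nullfs = 1;     # not available on every release
        enforce_statfs = 1;
}

# vnet jail as in the message above: it owns its own network stack, so
# allow.raw_sockets stays 0 (ping works through the jail's own stack)
# and its addresses are configured from inside by the jail's rc.d.
inno {
        vnet = "new";
        vnet.interface = "jbb$name";
}
```

Start one jail with `jail -f /etc/jail.conf -c web` and stop it with `jail -f /etc/jail.conf -r web`; `jls -j web securelevel allow.raw_sockets` shows that the values really landed in that jail and not in the others.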


