/etc/jail.conf for automatically started jails listed in /etc/rc.conf

David Demelier demelier.david at gmail.com
Tue May 14 06:50:34 UTC 2013


2013/5/14 Joe <fbsd8 at a1poweruser.com>:
> David Demelier wrote:
>>
>> On Monday 13 May 2013 16:32:01 Joe wrote:
>>>
>>> David Demelier wrote:
>>>>
>>>> Hello dear,
>>>>
>>>> Does jail.conf(5) not work for jails listed in the rc.conf?
>>>>
>>>> I've added in /etc/jail.conf:
>>>>
>>>> foo {
>>>>
>>>>     hostname=Foo;
>>>>     path=/jails/foo;
>>>>     allow.sysvipc=1;
>>>>
>>>> }
>>>>
>>>> And in /etc/rc.conf only foo in the jail_list parameter, but when I try
>>>> to
>>>> start the jail it still complains about missing hostname.
>>>>
>>>> Regards,
>>>
>>> There are 2 methods for configuring jails.
>>>
>>> The legacy method, in which you put the jail config statements in the host's
>>> /etc/rc.conf file and start and stop control is done by the host's
>>> /etc/rc.d/jail script at boot time.
>>>
>>> The jail(8) method, which has its own jail config statements in the
>>> host's /etc/jail.conf file and uses the jail(8) program for starting and
>>> stopping. You can create a jail.conf file for each jail(8) and start it
>>> using  jail -c -f "/etc/jailname.jail.conf" and stop by issuing
>>> jail -f "/etc/jailname.jail.conf" -r jailname
>>>
>>> You cannot mix the 2 methods.
>>
>>
>> My real problem is that I wanted to add allow.sysvipc only for *one* jail
>> and I can't find a real solution by jail_* flags in /etc/rc.conf
>>
>> There is jail_allow_sysvipc but it enables it for all jails.
>>
>>
>
>
> The jail(8) method does have an allow_sysvipc on a per-jail basis. To use it
> you have to use the jail(8) method. The 9.1-RELEASE legacy method is a work
> in process to incorporate the jail(8) parameters into the rc.conf config
> statements.
>
> About the allow_sysvipc parameter, this breaks the security the jail is
> designed to provide and should NOT be used on any jails having public
> internet access.
>
> What are you trying to do that you think you need to use the allow_sysvipc
> parameter?
>

PostgreSQL, usually I install it on the host instead of jails, but I
needed a second instance on a different port for public access.

Regards,

--
Demelier David
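
An added example, not part of the thread: because the discussion turns on granting allow.sysvipc to one jail rather than to all of them, this sh/awk sketch reads a jail.conf and lists the jails that end up with it enabled, treating a setting outside any block as applying to every jail. The sample file, jail names and paths are constructed, and the parser is simplified as its comments state.

```shell
#!/bin/sh
# Added example (not from the thread): report which jails in a jail.conf
# end up with allow.sysvipc enabled. Simplified parser: one-line # and //
# comments only, no /* */ comments, no variables or "+=" handling.
sysvipc_jails() {
    awk '
    function handle(s,    name, val, eq) {
        gsub(/^[ \t]+|[ \t]+$/, "", s)
        if (s == "") return
        if (s ~ /[{]$/) {                    # "name {" opens a jail block
            sub(/[ \t]*[{]$/, "", s); jail = s
            if (jail != "*" && !(jail in seen)) { seen[jail] = 1; order[++count] = jail }
            return
        }
        if (s == "}") { jail = "*"; return } # back to global scope
        name = s; val = "1"                  # bare "param;" means true
        eq = index(s, "=")
        if (eq) { name = substr(s, 1, eq - 1); val = substr(s, eq + 1) }
        gsub(/[ \t"]/, "", name); gsub(/[ \t"]/, "", val)
        if (name == "allow.nosysvipc") { name = "allow.sysvipc"; val = "0" }
        if (name == "allow.sysvipc")         # anything but 0/false counts as on
            state[jail] = (val != "0" && val != "false")
    }
    BEGIN { jail = "*" }                     # "*" = applies to every jail
    {
        sub(/#.*/, ""); sub(/\/\/.*/, "")    # strip line comments
        gsub(/[{]/, " {;"); gsub(/[}]/, ";};")
        n = split($0, stmt, ";")
        for (i = 1; i <= n; i++) handle(stmt[i])
    }
    END {                                    # per-jail value overrides global
        for (i = 1; i <= count; i++) {
            j = order[i]
            on = (j in state) ? state[j] : (("*" in state) ? state["*"] : 0)
            if (on) print j
        }
    }'
}

# Constructed sample: two jails, only "pgsql" is granted System V IPC.
SAMPLE='exec.start = "/bin/sh /etc/rc";   # global, applies to both
www   { host.hostname = "www.example.org";   path = "/jails/www"; }
pgsql {
    host.hostname = "pgsql.example.org";
    path = "/jails/pgsql";
    allow.sysvipc;
}'
printf '%s\n' "$SAMPLE" | sysvipc_jails
```

On a real host the input would be `sysvipc_jails < /etc/jail.conf`; any jail name printed that also serves public traffic is the case the reply above warns about.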


More information about the freebsd-questions mailing list