svn commit: r340319 - head/usr.sbin/jail

H. Schmalzbauer - OmniLAN h.schmalzbauer at omnilan.de
Sat Nov 10 13:10:37 UTC 2018


On 10.11.2018 at 13:33, Eugene Grosbein wrote:
> 10.11.2018 19:12, Bjoern A. Zeeb wrote:
>
>>> Author: eugen
>>> Date: Sat Nov 10 12:03:57 2018
>>> New Revision: 340319
>>> URL: https://svnweb.freebsd.org/changeset/base/340319
>>>
>>> Log:
>>>    jail(8): introduce new command option -e to exhibit
>>>    a list of configured non-wildcard jails with their parameters,
>>>    no matter running or not.
>>>
>>>    The option -e takes separator argument that is used
>>>    to separate printed parameters. It will be used with following
>>>    additions to system periodic scripts to differentiate parts
>>>    of directory tree belonging jails as opposed to host's.
>>  From reading this and the man page changes I have a hard time to understand what this does.
>>
>> What is a “wildcard jail” or a “non-wildcard jail”?
> Modern jail configuration style assumes usage of jail.conf file

I was quite unhappy with the single jail.conf(5) in /etc, so I extended
jail rc(8) to support /etc/jail.conf.d/

Probably some others would welcome jail.conf.d/ too.  Unfortunately I 
don't have enough time to stay focused with one feature, so all my 
extensions are somewhat hackish.
In this case, it's part of a jail setup script (I'm aware that there are
many ports out there which claim to ease jail management, but all too much
more and nothing I could get a start point with satisfaction, so I wrote
my own, which _only_ utilizes base tools).

Essentially, it's about
+++ /etc/rc.d/jail    2017-09-28 13:55:35.109528000 +0000
@@ -127,6 +128,9 @@
          if [ -r "$_jconf" ]; then
              _conf="$_jconf"
              return 0
+        elif [ -r /etc/jail.conf.d/${_j} ]; then
+            _conf="/etc/jail.conf.d/${_j}"
+            return 0
          elif [ -r "$jail_conf" ]; then
              _conf="$jail_conf"
              return 0'
   fi
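
Review bot: the added test [ -r /etc/jail.conf.d/${_j} ] and the assignment after it expand ${_j} unquoted inside the test, while the neighbouring branches quote "$_jconf" and "$jail_conf"; write it as [ -r "/etc/jail.conf.d/${_j}" ] so a jail name containing whitespace or glob characters cannot split or expand the test. The directory is also hard-coded, unlike $jail_conf, and a readable file there is picked before the global file, so the lookup order should be documented and the directory should be required to be root-owned and not group- or world-writable.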

Do you think that jail.conf.d/ should be considered as future extension?


The setup script itself is also a handler for mounted md_images, so in 
case it's found, the diff is a little bigger in order to take care to 
attach/detach md(4).  Here's the corresponding rc-patch function - happy
to mail the whole script on request:

patch_rc_jail(){
   :verbosemsg "patch_rc_jail() ${1:+called with $@}"
   local PATCH line patchfile
   PATCH=$(which patch 2>/dev/null)
   [ -n "${PATCH}" ] || return
   patchfile="$(mktemp)"
   if [ -x /usr/sbin/jailsetup ]; then
     abtvar='--- /etc/rc.d/jail.orig    2017-09-28 13:45:35.213478000 +0000
+++ /etc/rc.d/jail    2017-09-28 13:55:35.109528000 +0000
@@ -26,6 +26,7 @@
  : ${jail_consolecmd:=/usr/bin/login -f root}
  : ${jail_jexec:=/usr/sbin/jexec}
  : ${jail_jls:=/usr/sbin/jls}
+: ${jail_setup:=/usr/sbin/jailsetup}

  need_dad_wait=

@@ -127,6 +128,9 @@
          if [ -r "$_jconf" ]; then
              _conf="$_jconf"
              return 0
+        elif [ -r /etc/jail.conf.d/${_j} ]; then
+            _conf="/etc/jail.conf.d/${_j}"
+            return 0
          elif [ -r "$jail_conf" ]; then
              _conf="$jail_conf"
              return 0
@@ -476,6 +480,7 @@
          # jail_parallel_start is YES.
          #
          for _j in $@; do
+            [ -x $jail_setup ] && $jail_setup mdattach -n ${_j}
              _j=$(echo $_j | tr /. _)
              _jv=$(echo -n $_j | tr -c '"'"[:alnum:]"'"' _)
              parse_options $_j $_jv || continue
@@ -504,6 +509,7 @@
          # Start jails one-by-one when jail_parallel_start is NO.
          #
          for _j in $@; do
+            [ -x $jail_setup ] && $jail_setup mdattach -n ${_j}
              _j=$(echo $_j | tr /. _)
              _jv=$(echo -n $_j | tr -c '"'"[:alnum:]"'"' _)
              parse_options $_j $_jv || continue
@@ -556,6 +562,7 @@
              fi
              rm -f $_tmp
          done
+        [ -x $jail_setup ] && $jail_setup mddetach
          echo '"'"."'"'
          return
      ;;
@@ -578,6 +585,7 @@
              rm -f /var/run/jail_${_j}.id
          fi
          rm -f $_tmp
+        [ -x $jail_setup ] && $jail_setup mddetach -n ${_j}
      done
      echo '"'"."'"'
  }'
   else
     abtvar='--- /etc/rc.d/jail.orig    2017-09-28 13:45:35.213478000 +0000
+++ /etc/rc.d/jail    2017-09-28 13:55:35.109528000 +0000
@@ -127,6 +128,9 @@
          if [ -r "$_jconf" ]; then
              _conf="$_jconf"
              return 0
+        elif [ -r /etc/jail.conf.d/${_j} ]; then
+            _conf="/etc/jail.conf.d/${_j}"
+            return 0
          elif [ -r "$jail_conf" ]; then
              _conf="$jail_conf"
              return 0'
   fi
   echo "${abtvar}" > "${patchfile}"
   # Dry run first; remove the temp file if the patch would not apply
   ${PATCH} -p 0 -C -i "${patchfile}" >/dev/null 2>&1 || { rm -f "${patchfile}"; return; }
   ${PATCH} -p 0 -i "${patchfile}" >/dev/null 2>&1 &&
     cp /etc/rc.d/jail.orig /var/backups 2>/dev/null
   [ -e /etc/rc.d/jail.rej ] && unlink /etc/rc.d/jail.rej
   rm /etc/rc.d/jail.orig "${patchfile}" 2>/dev/null
} #patch_rc_jail
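
Review bot: in the @@ -476 and @@ -504 hunks embedded in the function above, the added line [ -x $jail_setup ] && $jail_setup mdattach -n ${_j} runs before _j is normalised by tr /. _ on the following line, so the helper is handed the raw, unquoted argument from $@. Quote both expansions ("$jail_setup", "${_j}") and decide whether a failed mdattach should skip the jail, as parse_options ... || continue does two lines later, instead of its exit status being ignored.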


