From owner-freebsd-current@FreeBSD.ORG Wed Jun 14 10:19:24 2006 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 981C316A41A for ; Wed, 14 Jun 2006 10:19:24 +0000 (UTC) (envelope-from freebsd-listen@fabiankeil.de) Received: from smtprelay01.ispgateway.de (smtprelay01.ispgateway.de [80.67.18.13]) by mx1.FreeBSD.org (Postfix) with ESMTP id AF0F143D49 for ; Wed, 14 Jun 2006 10:19:23 +0000 (GMT) (envelope-from freebsd-listen@fabiankeil.de) Received: (qmail 1503 invoked from network); 14 Jun 2006 10:19:21 -0000 Received: from unknown (HELO localhost) (775067@[217.50.128.144]) (envelope-sender ) by smtprelay01.ispgateway.de (qmail-ldap-1.03) with SMTP for ; 14 Jun 2006 10:19:21 -0000 Date: Wed, 14 Jun 2006 12:19:06 +0200 From: Fabian Keil To: "Raphael H. Becker" Message-ID: <20060614121906.693f6acc@localhost> In-Reply-To: <20060614121025.D47362@p-i-n.com> References: <20060614121025.D47362@p-i-n.com> X-Mailer: Sylpheed-Claws 2.2.3 (GTK+ 2.8.17; i386-portbld-freebsd6.1) X-PGP-KEY-URL: http://www.fabiankeil.de/gpg-keys/freebsd-listen-2006-08-19.asc User-Agent: 321 test Mime-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_wkPGKkXtdwXVgVflLZH/EgM"; protocol="application/pgp-signature"; micalg=PGP-SHA1 Cc: freebsd-current@freebsd.org Subject: Re: jail__conf in /etc/rc.conf X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Jun 2006 10:19:24 -0000 --Sig_wkPGKkXtdwXVgVflLZH/EgM Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable "Raphael H. Becker" wrote: > having a jail-server and maintaining lots of jails may cause headache, > when editing /etc/rc.conf.=20 >=20 > My idea is to define per-jail.conf files outside /etc/rc.conf. > This would make using conf-templates much easier and you don't=20 > need to do evil "script-magic" on /etc/rc.conf. > Any alternative solution getting something like this running? Try /usr/ports/sysutils/ezjail/ It only requires one line in rc.conf and uses one configuration file for every jail: fk@TP51 ~ $grep jail /etc/rc.conf ezjail_enable=3D"YES" fk@TP51 ~ $cat /usr/local/etc/ezjail/porttest=20 # To specify the start up order of your ezjails, use these lines to # create a Jail dependency tree. See rcorder(8) for more details. # # PROVIDE: standard_ezjail # REQUIRE:=20 # BEFORE:=20 # export jail_porttest_hostname=3D"porttest" export jail_porttest_ip=3D"192.168.6.100" export jail_porttest_rootdir=3D"/usr/jails/porttest" export jail_porttest_exec=3D"/bin/sh /etc/rc" export jail_porttest_mount_enable=3D"YES" export jail_porttest_devfs_enable=3D"YES" export jail_porttest_devfs_ruleset=3D"devfsrules_pf_jail" export jail_porttest_procfs_enable=3D"YES" export jail_porttest_fdescfs_enable=3D"YES" export jail_porttest_image=3D"" export jail_porttest_imagetype=3D"" export jail_porttest_attachparams=3D"" export jail_porttest_attachblocking=3D"" export jail_porttest_forceblocking=3D"" Fabian --=20 http://www.fabiankeil.de/ --Sig_wkPGKkXtdwXVgVflLZH/EgM Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFEj+KkjV8GA4rMKUQRAqSCAJ4ogQ8TllLCtPG9H6o72rofAJVJogCg5wfh UUDic4Qa1NKrd3NsElRdYBc= =1U1u -----END PGP SIGNATURE----- --Sig_wkPGKkXtdwXVgVflLZH/EgM--