Date: Sat, 18 Jun 2011 13:59:36 -0400
From: Lars Kellogg-Stedman <lars@oddbit.com>
To: freebsd-questions <freebsd-questions@freebsd.org>
Subject: /etc/rc.d/jail using new-style jail command?
Message-ID: <BANLkTinS%2Bf=GoBWz5-nqT8Qczb2Z8QOspw@mail.gmail.com>

Hello all,

I'm curious if there's been any work done to make /etc/rc.d/jail use
the new-style jail command (jail -c path=... name=..., etc)... or if
there's been any work done to create a replacement?

There are three features I would love to see in the stock version that
I've had to implement myself:

- The ability to reference jails by name.

  Passing the name=<jail_name> argument means that jails can be
  referenced by name when using, e.g., the jexec command, which is very
  convenient since jail ids aren't (normally) persistent.

- The ability to create jails without starting them.

  The "persist" argument to the jail command is useful when attaching
  ZFS datasets to a jail. A ZFS dataset can't be attached until a JID
  has been allocated, but with the existing implementation the jail
  will probably have booted by the time you complete the ZFS
  assignment, which impacts services that may need access to the jail.
  There are workarounds (such as a busy-wait loop that checks for the
  filesystem), but creating the jail with no processes, attaching the
  datasets, and then starting the jail is much cleaner.

- Somewhat more flexibility in setting up jail permissions (via the
  enforce_statfs and allow.* arguments).

Before I spend too much time making my own local changes, I was
wondering if there was anything I should be looking at. I've been
using ezjail recently, but since it relies on the stock
/etc/rc.d/jail to actually boot and configure jails it suffers from
the same limitations.

Thanks,

-- Lars
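
The create / attach / start ordering described in the message, as an added example that is not part of the original e-mail and not taken from /etc/rc.d/jail. The jail name, path and dataset are constructed sample values, and allow.mount with enforce_statfs=1 is an assumed choice for the permission arguments the message mentions; by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example: create a jail with no processes, attach a ZFS dataset,
# then boot it. Sample values below are constructed, not from the message.
JAIL_NAME="www1"
JAIL_PATH="/jails/www1"
JAIL_DATASET="tank/jaildata/www1"

# RUN=echo (the default) prints each command instead of running it.
# Set RUN= (empty) on a FreeBSD host to execute for real.
RUN="${RUN-echo}"

start_jail_with_zfs() {
    name=$1
    jpath=$2
    dataset=$3

    # 1. Allocate the jail without starting anything in it. "persist"
    #    keeps a process-less jail alive; name= makes it addressable by
    #    name, so nothing depends on the non-persistent JID later.
    #    enforce_statfs/allow.mount are the assumed permission settings.
    $RUN jail -c name="$name" path="$jpath" host.hostname="$name" \
        enforce_statfs=1 allow.mount persist || return 1

    # 2. A JID now exists; look it up by name (placeholder in dry-run).
    if [ -n "$RUN" ]; then
        jid="JID"
    else
        jid=$(jls -j "$name" jid) || return 1
    fi

    # 3. Attach the dataset while the jail is still empty. jailed=on
    #    lets the dataset be managed from inside the jail.
    $RUN zfs set jailed=on "$dataset" || return 1
    $RUN zfs jail "$jid" "$dataset" || return 1

    # 4. Only now boot the jail's userland, so its services start with
    #    the dataset already attached (no busy-wait loop required).
    $RUN jexec "$name" /bin/sh /etc/rc
}

start_jail_with_zfs "$JAIL_NAME" "$JAIL_PATH" "$JAIL_DATASET"
```
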