From owner-freebsd-jail@FreeBSD.ORG Sun Oct 13 13:19:03 2013 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 97F8DA32; Sun, 13 Oct 2013 13:19:03 +0000 (UTC) (envelope-from gehm@doom-labs.net) Received: from mail.doom-labs.net (diabolo.doom-labs.net [81.92.172.233]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 414C1232E; Sun, 13 Oct 2013 13:19:02 +0000 (UTC) Received: from mail.doom-labs.net (diabolo.doom-labs.net [81.92.172.233]) by mail.doom-labs.net (Postfix) with ESMTP id 77E9F5B0A9; Sun, 13 Oct 2013 15:19:01 +0200 (CEST) Received: by mail.doom-labs.net (Postfix, from userid 10094) id 48BE15B0A8; Sun, 13 Oct 2013 15:19:01 +0200 (CEST) Date: Sun, 13 Oct 2013 15:19:01 +0200 From: Ekkehard Gehm To: freebsd-ports@freebsd.org, freebsd-jail@freebsd.org Subject: Re: stagedir vs. jail Message-ID: <20131013131901.GA55678@doom-labs.net> References: <20131013105853.GA63463@doom-labs.net> <525A8AB5.9000102@FreeBSD.org> <20131013122217.GA87222@doom-labs.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="bg08WKrSYDhXBjb5" Content-Disposition: inline In-Reply-To: <20131013122217.GA87222@doom-labs.net> X-Arbitrary-Number-Of-The-Day: 42 X-Binford-Tool: 6100 (more power) X-PGP-Key: http://www.physik.tu-berlin.de/~gehm/pubkey.asc User-Agent: Mutt/1.5.21 (2010-09-15) X-Virus-Scanned: ClamAV using ClamSMTP X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Oct 2013 13:19:03 -0000 --bg08WKrSYDhXBjb5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable A quick addition: My Jail is buid exactly as discribed in the jail handbook: http://www.freebsd.org/doc/handbook/jails-application.html So hanging around with this issue because of this staging thing is a bit *a= rgl* Cheers, Ekki On Sun, 13 Oct 2013, Ekkehard Gehm wrote something like: > Ahoi! >=20 > On Sun, 13 Oct 2013, Matthew Seaman wrote something like: >=20 > > On 13/10/2013 11:58, Ekkehard Gehm wrote: > > > I resently have some problems installing/updating ports. The main > > > problem is that the stagedir path is somehow messed up. > > >=20 > > > The system is running FreeBSD 9.1-RELEASE-p6 and I'm working in a > > > jail. While building it creates the stagedir in > > > /s/portbuild/usr/ports/...../usr/local/ BUT: When it comes to the pkg > > > building it suddently is looking in .../usr-local/.. witch acctualy > > > is a part of the symlink. (In the jail /usr/local is a symlink to > > > /s/usr-local). Resulting in an failure. > > >=20 > > > The only workiaround is disabling stage completly thru make.conf...= =20 > > > As this is very quick'n'dirty I wonder if there is any other > > > solution! > >=20 > > Your subject line is (perhaps) a bit misleading: this seems to be > > nothing specific to the use of jails, but due to having sym-links in > > various paths. It could happen just the same if you laid out your host > > filesystem using sym-links. > >=20 >=20 > Right. That might be... >=20 > > Anyhow, this looks like a bug to me -- using sym-links to put your > > filesystem together should not result in chaos. > >=20 >=20 >=20 > This is alo my understanding of this issue... >=20 > > Are you using pkg(8)? There are differences in the way a package is > > generated from the staging directory between pkg(8) and pkg_create(1) > > which might make all the difference. > >=20 >=20 > Here is a short cut out of a build (portmaster portmaster): >=20 > install -o root -g wheel -m 444 /s/portbuild/usr/ports/ports-mgmt/portma= ster/wo rk/freebsd-por= tmaster-7359019/files/bash-completions /s/portbuild/usr/ports/por = ts-mgmt/portmaster/work/stage/= usr/local/etc/bash_completion.d/portmaster.sh > =3D=3D=3D=3D> Compressing man pages > =3D=3D=3D> Building package for portmaster-3.17.2 > Creating package /s/portbuild/usr/ports/ports-mgmt/portmaster/work/portma= ster-3. 17.2.tbz > Registering depends:. > Creating bzip'd tar ball in '/s/portbuild/usr/ports/ports-mgmt/portmaster= /work/p ortmaster-3.17= =2E2.tbz' > tar: could not chdir to '/s/portbuild/usr/ports/ports-mgmt/portmaster/wor= k/stage /s/usr-local' >=20 > pkg_create: make_dist: tar command failed with code 256 > *** [do-package] Error code 1 >=20 > Stop in /usr/ports/ports-mgmt/portmaster. > *** [install] Error code 1 >=20 > Stop in /usr/ports/ports-mgmt/portmaster. >=20 > =3D=3D=3D>>> A backup package for portmaster-3.17.1 should > be located in /var/ports/packages/portmaster-backup >=20 > =3D=3D=3D>>> Installation of portmaster-3.17.2 (ports-mgmt/portmaster) fa= iled > =3D=3D=3D>>> Aborting update >=20 > =3D=3D=3D>>> Killing background jobs > Terminated >=20 > =3D=3D=3D>>> You can restart from the point of failure with this command = line: > portmaster ports-mgmt/portmaster >=20 > =3D=3D=3D>>> Exiting >=20 > As a result portmaster is not working anymore... > > Is it all ports that are affected? Does the use of PLIST_FILES or > > PLIST_DIRS in the port Makefile make any difference compared to having a > > pkg-plist file? > >=20 > > A possible work-around: instead of sym-linking /s/usr-local -> > > /usr/local use a nullfs mount instead. > >=20 > > mount -t nullfs /s/usr-local /usr/local > >=20 > > (Actually, you'ld probably do that from outside the jail so adjust the > > paths accordingly.) > >=20 > > Another workaround: set up your own poudriere instance to build > > packages for all your jails. poudriere(8) will create its own jails to > > do package building in, and manage paths etc. itself. It's a natural > > partner to pkg(8) and zfs(8) but it will work without either of those. > >=20 > > Cheers, > >=20 > > Matthew > >=20 > > --=20 > > Dr Matthew J Seaman MA, D.Phil. > > PGP: http://www.infracaninophile.co.uk/pgpkey > >=20 > >=20 >=20 >=20 >=20 > --=20 > Ekkehard Gehm * mailto:gehm@doom-labs.net > Doom-Labs Inc. * http://www.doom-labs.net > Frag Content * PGP-Key: http://www.physik.tu-berlin.de/~= gehm/pubkey.asc >=20 > Experience is what you get when you were expecting something else. >=20 > Microsoft: "Where do you want to go today?" > Linux: "Where do you want to go tomorrow?" > FreeBSD: "Are you guys coming or what?" --=20 Ekkehard Gehm * mailto:gehm@doom-labs.net Doom-Labs Inc. * http://www.doom-labs.net Frag Content * PGP-Key: http://www.physik.tu-berlin.de/~ge= hm/pubkey.asc Experience is what you get when you were expecting something else. Microsoft: "Where do you want to go today?" Linux: "Where do you want to go tomorrow?" FreeBSD: "Are you guys coming or what?" --bg08WKrSYDhXBjb5 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (FreeBSD) iEYEARECAAYFAlJancIACgkQ3AMzQY6nzuYnaQCgi27JcBdhK2Tgwmf/0VxYxKdW UAEAnRKXJKeIU+M+ibFz47ezycRZbQXC =b02l -----END PGP SIGNATURE----- --bg08WKrSYDhXBjb5-- From owner-freebsd-jail@FreeBSD.ORG Sun Oct 13 13:59:47 2013 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 27D65EAB; Sun, 13 Oct 2013 13:59:47 +0000 (UTC) (envelope-from kpaasial@gmail.com) Received: from mail-qe0-x22c.google.com (mail-qe0-x22c.google.com [IPv6:2607:f8b0:400d:c02::22c]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id CEFFD24AD; Sun, 13 Oct 2013 13:59:46 +0000 (UTC) Received: by mail-qe0-f44.google.com with SMTP id 6so4616150qeb.31 for ; Sun, 13 Oct 2013 06:59:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=teg90Jr4/VNtmvuQ8t/Ko7eWsikQdboryMGQGeRfIX0=; b=N36GnrQCOv8AJx287bKyrNDyFRQn856YxgL0yL4LlhKXjsKUC39aE40NjV3QKe5wWh +I4XZSNM3EiINma8KoUQgHLCeDwUYGA52T5WtOfPrD4MJBYO/laXJrnG/HQokoyepNyB /kAvO1Eof37cliL+3hz31i7fpi5D6FXx3rIaZGtphNhU3clVYcYSpT/jqQ6IU5D76M6v LbXNarFmifADkQSu68TQ0NearV/7jZ6Abg5yFBTQbQhE0IVkmbg2gcAXEfafPkFNnQer shL7peOlkn+gNZpMTK211LXIil9Z4GUAzaa4hnUtfLfguNQdKeKOfJr9Z07buFkXRpWL QTwQ== MIME-Version: 1.0 X-Received: by 10.49.19.101 with SMTP id d5mr2781419qee.78.1381672785993; Sun, 13 Oct 2013 06:59:45 -0700 (PDT) Received: by 10.96.180.233 with HTTP; Sun, 13 Oct 2013 06:59:45 -0700 (PDT) In-Reply-To: <20131013131901.GA55678@doom-labs.net> References: <20131013105853.GA63463@doom-labs.net> <525A8AB5.9000102@FreeBSD.org> <20131013122217.GA87222@doom-labs.net> <20131013131901.GA55678@doom-labs.net> Date: Sun, 13 Oct 2013 16:59:45 +0300 Message-ID: Subject: Re: stagedir vs. jail From: Kimmo Paasiala To: Ekkehard Gehm Content-Type: text/plain; charset=UTF-8 Cc: freebsd-jail@freebsd.org, freebsd-ports X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Oct 2013 13:59:47 -0000 On Sun, Oct 13, 2013 at 4:19 PM, Ekkehard Gehm wrote: > A quick addition: > > My Jail is buid exactly as discribed in the jail handbook: > http://www.freebsd.org/doc/handbook/jails-application.html > > So hanging around with this issue because of this staging thing is a bit *argl* > > Cheers, > > Ekki > Why can't you use poudriere as the package builder? Poudriere does not use any symbolic link tricks and that's why things just work out of the box. From owner-freebsd-jail@FreeBSD.ORG Sun Oct 13 20:59:16 2013 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id C54EB22C; Sun, 13 Oct 2013 20:59:16 +0000 (UTC) (envelope-from galtsev@kicp.uchicago.edu) Received: from cosmo.uchicago.edu (cosmo.uchicago.edu [128.135.52.97]) by mx1.freebsd.org (Postfix) with ESMTP id 8511026EE; Sun, 13 Oct 2013 20:59:16 +0000 (UTC) Received: by cosmo.uchicago.edu (Postfix, from userid 48) id 146B3CB8C5A; Sun, 13 Oct 2013 15:42:27 -0500 (CDT) Received: from 76.193.19.251 (SquirrelMail authenticated user valeri) by cosmo.uchicago.edu with HTTP; Sun, 13 Oct 2013 15:42:26 -0500 (CDT) Message-ID: <61419.76.193.19.251.1381696946.squirrel@cosmo.uchicago.edu> In-Reply-To: <20131013131901.GA55678@doom-labs.net> References: <20131013105853.GA63463@doom-labs.net> <525A8AB5.9000102@FreeBSD.org> <20131013122217.GA87222@doom-labs.net> <20131013131901.GA55678@doom-labs.net> Date: Sun, 13 Oct 2013 15:42:26 -0500 (CDT) Subject: Re: stagedir vs. jail From: "Valeri Galtsev" To: "Ekkehard Gehm" User-Agent: SquirrelMail/1.4.8-5.el5.centos.7 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Cc: freebsd-jail@freebsd.org, freebsd-ports@freebsd.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: galtsev@kicp.uchicago.edu List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Oct 2013 20:59:16 -0000 Yes, this is killing me too. The same: my jails are built "by the book": http://www.freebsd.org/doc/handbook/jails-application.html the only difference from the book is, they are located in /jail instead of /home/j which shouldn't matter from the point of view of what is happening inside the jail. Thanks in advance to the bright person(s) who can/will address this! Valeri On Sun, October 13, 2013 8:19 am, Ekkehard Gehm wrote: > A quick addition: > > My Jail is buid exactly as discribed in the jail handbook: > http://www.freebsd.org/doc/handbook/jails-application.html > > So hanging around with this issue because of this staging thing is a bit > *argl* > > Cheers, > > Ekki > > On Sun, 13 Oct 2013, Ekkehard Gehm wrote something like: > >> Ahoi! >> >> On Sun, 13 Oct 2013, Matthew Seaman wrote something like: >> >> > On 13/10/2013 11:58, Ekkehard Gehm wrote: >> > > I resently have some problems installing/updating ports. The main >> > > problem is that the stagedir path is somehow messed up. >> > > >> > > The system is running FreeBSD 9.1-RELEASE-p6 and I'm working in a >> > > jail. While building it creates the stagedir in >> > > /s/portbuild/usr/ports/...../usr/local/ BUT: When it comes to the >> pkg >> > > building it suddently is looking in .../usr-local/.. witch acctualy >> > > is a part of the symlink. (In the jail /usr/local is a symlink to >> > > /s/usr-local). Resulting in an failure. >> > > >> > > The only workiaround is disabling stage completly thru make.conf... >> > > As this is very quick'n'dirty I wonder if there is any other >> > > solution! >> > >> > Your subject line is (perhaps) a bit misleading: this seems to be >> > nothing specific to the use of jails, but due to having sym-links in >> > various paths. It could happen just the same if you laid out your >> host >> > filesystem using sym-links. >> > >> >> Right. That might be... >> >> > Anyhow, this looks like a bug to me -- using sym-links to put your >> > filesystem together should not result in chaos. >> > >> >> >> This is alo my understanding of this issue... >> >> > Are you using pkg(8)? There are differences in the way a package is >> > generated from the staging directory between pkg(8) and pkg_create(1) >> > which might make all the difference. >> > >> >> Here is a short cut out of a build (portmaster portmaster): >> >> install -o root -g wheel -m 444 >> /s/portbuild/usr/ports/ports-mgmt/portmaster/wo >> >> rk/freebsd-portmaster-7359019/files/bash-completions >> /s/portbuild/usr/ports/por >> >> ts-mgmt/portmaster/work/stage/usr/local/etc/bash_completion.d/portmaster.sh >> ====> Compressing man pages >> ===> Building package for portmaster-3.17.2 >> Creating package >> /s/portbuild/usr/ports/ports-mgmt/portmaster/work/portmaster-3. >> 17.2.tbz >> Registering depends:. >> Creating bzip'd tar ball in >> '/s/portbuild/usr/ports/ports-mgmt/portmaster/work/p >> ortmaster-3.17.2.tbz' >> tar: could not chdir to >> '/s/portbuild/usr/ports/ports-mgmt/portmaster/work/stage >> /s/usr-local' >> >> pkg_create: make_dist: tar command failed with code 256 >> *** [do-package] Error code 1 >> >> Stop in /usr/ports/ports-mgmt/portmaster. >> *** [install] Error code 1 >> >> Stop in /usr/ports/ports-mgmt/portmaster. >> >> ===>>> A backup package for portmaster-3.17.1 should >> be located in /var/ports/packages/portmaster-backup >> >> ===>>> Installation of portmaster-3.17.2 (ports-mgmt/portmaster) failed >> ===>>> Aborting update >> >> ===>>> Killing background jobs >> Terminated >> >> ===>>> You can restart from the point of failure with this command line: >> portmaster ports-mgmt/portmaster >> >> ===>>> Exiting >> >> As a result portmaster is not working anymore... >> > Is it all ports that are affected? Does the use of PLIST_FILES or >> > PLIST_DIRS in the port Makefile make any difference compared to having >> a >> > pkg-plist file? >> > >> > A possible work-around: instead of sym-linking /s/usr-local -> >> > /usr/local use a nullfs mount instead. >> > >> > mount -t nullfs /s/usr-local /usr/local >> > >> > (Actually, you'ld probably do that from outside the jail so adjust the >> > paths accordingly.) >> > >> > Another workaround: set up your own poudriere instance to build >> > packages for all your jails. poudriere(8) will create its own jails >> to >> > do package building in, and manage paths etc. itself. It's a natural >> > partner to pkg(8) and zfs(8) but it will work without either of those. >> > >> > Cheers, >> > >> > Matthew >> > >> > -- >> > Dr Matthew J Seaman MA, D.Phil. >> > PGP: http://www.infracaninophile.co.uk/pgpkey >> > >> > >> >> >> >> -- >> Ekkehard Gehm * mailto:gehm@doom-labs.net >> Doom-Labs Inc. * http://www.doom-labs.net >> Frag Content * PGP-Key: >> http://www.physik.tu-berlin.de/~gehm/pubkey.asc >> >> Experience is what you get when you were expecting something else. >> >> Microsoft: "Where do you want to go today?" >> Linux: "Where do you want to go tomorrow?" >> FreeBSD: "Are you guys coming or what?" > > > > -- > Ekkehard Gehm * mailto:gehm@doom-labs.net > Doom-Labs Inc. * http://www.doom-labs.net > Frag Content * PGP-Key: > http://www.physik.tu-berlin.de/~gehm/pubkey.asc > > Experience is what you get when you were expecting something else. > > Microsoft: "Where do you want to go today?" > Linux: "Where do you want to go tomorrow?" > FreeBSD: "Are you guys coming or what?" > ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++ From owner-freebsd-jail@FreeBSD.ORG Mon Oct 14 11:06:50 2013 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id D63264EA for ; Mon, 14 Oct 2013 11:06:50 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id C322B2C7D for ; Mon, 14 Oct 2013 11:06:50 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r9EB6odp035241 for ; Mon, 14 Oct 2013 11:06:50 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r9EB6ojt035239 for freebsd-jail@FreeBSD.org; Mon, 14 Oct 2013 11:06:50 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 14 Oct 2013 11:06:50 GMT Message-Id: <201310141106.r9EB6ojt035239@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-jail@FreeBSD.org Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Oct 2013 11:06:50 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o conf/181650 jail [jail] [patch] /etc/rc.d/jail fails if a kernel built o kern/180916 jail [jail] [regression] jail startup is broken for 8.4 wit o kern/180067 jail [jail] [patch] fix multicast support within jails o bin/178302 jail jail(8): unknown parameter: ip6.addr when kernel compi o kern/176112 jail [jail] [panic] kernel panic when starting jails o kern/174902 jail [jail] jail should provide validator for jail names o bin/173469 jail [jail] regression: security.jail.sysvipc_allowed=1 no o kern/169751 jail [jail] reading routing information does not work in ja o bin/167911 jail new jail(8) problem with removal, ifconfg -alias and k o kern/159918 jail [jail] inter-jail communication failure o kern/156111 jail [jail] procstat -b not supported in jail o misc/155765 jail [patch] `buildworld' does not honors WITHOUT_JAIL o conf/154246 jail [jail] [patch] Bad symlink created if devfs mount poin s conf/142972 jail [jail] [patch] Support JAILv2 and vnet in rc.d/jail o conf/141317 jail [patch] uncorrect jail stop in /etc/rc.d/jail o kern/133265 jail [jail] is there a solution how to run nfs client in ja o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail o bin/99566 jail [jail] [patch] fstat(1) according to specified jid 18 problems total. From owner-freebsd-jail@FreeBSD.ORG Fri Oct 18 19:53:45 2013 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 02D3E97E for ; Fri, 18 Oct 2013 19:53:45 +0000 (UTC) (envelope-from erdgeist@erdgeist.org) Received: from elektropost.org (elektropost.org [217.115.13.199]) by mx1.freebsd.org (Postfix) with ESMTP id 334952A76 for ; Fri, 18 Oct 2013 19:53:43 +0000 (UTC) Received: (qmail 19449 invoked from network); 18 Oct 2013 19:53:39 -0000 Received: from elektropost.org (HELO elektropost.org) (erdgeist@erdgeist.org) by elektropost.org with CAMELLIA256-SHA encrypted SMTP; 18 Oct 2013 19:53:39 -0000 Message-ID: <526191C3.7090902@erdgeist.org> Date: Fri, 18 Oct 2013 21:53:39 +0200 From: Dirk Engling User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.0.1 MIME-Version: 1.0 To: freebsd-jail@FreeBSD.org Subject: Patch: make the jail(8) command set the jid parameter X-Enigmail-Version: 1.5.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Oct 2013 19:53:45 -0000 Hello, I've created a patch to the jail command that allows statements like exec.poststart = "touch /startjailid_${jid}"; exec.prestop = "touch /stopjailid_${jid}"; in a jail.conf work as expected, even if the jid is not specified there, i.e. for jails without a pinned jid. It works by splitting variable substitution in two parts. In the first pass a missing jid parameter is ignored, running_jid and the IP__OP create operation will then set the jail's jid parameter and try to resolve any references not done before. The code should probably check for references to $jid before it is available (i.e. in the exec.prestart variable), but just substituting the empty string as it happens now should be just fine. Find the patch at https://erdgeist.org/arts/software/jail/usr.sbin.jail-jid.patch Regards, erdgeist From owner-freebsd-jail@FreeBSD.ORG Fri Oct 18 20:42:12 2013 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 79CA5EC2 for ; Fri, 18 Oct 2013 20:42:12 +0000 (UTC) (envelope-from erdgeist@erdgeist.org) Received: from elektropost.org (elektropost.org [217.115.13.199]) by mx1.freebsd.org (Postfix) with ESMTP id B24282CA2 for ; Fri, 18 Oct 2013 20:42:11 +0000 (UTC) Received: (qmail 23311 invoked from network); 18 Oct 2013 20:42:03 -0000 Received: from elektropost.org (HELO elektropost.org) (erdgeist@erdgeist.org) by elektropost.org with CAMELLIA256-SHA encrypted SMTP; 18 Oct 2013 20:42:03 -0000 Message-ID: <52619D1B.9040408@erdgeist.org> Date: Fri, 18 Oct 2013 22:42:03 +0200 From: Dirk Engling User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.0.1 MIME-Version: 1.0 To: freebsd-jail@FreeBSD.org Subject: Allowing meta-namespace in jail.conf X-Enigmail-Version: 1.5.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Oct 2013 20:42:12 -0000 Dear jail enthusiasts, in order to move forward with my jail management project ezjail, and make it support the new jail.conf way of managing jail configs, I need a way to add properties to jails that are currently not in the list of allowed parameters. I was thinking of something like web-jail { name = 'www.test.com'; meta.ezjail.imagetype = 'zfs'; meta.ezjail.zfsdataset = 'tank/ezjail/www.test.com-data'; } Alternatively, I could keep a shadow tree of config options and generate jail configs on the fly, but that would mean not using the power of the new jail config format. This can also lead to conflicting settings (e.g. from wildcard jails or global options) and unexpected parts of the system to look for configs. Another issue is the complexity of the jail.conf format which makes it hard to automatically manipulate entries. I've started working on a parser/generator in shell, but wondered if there are any plans to add a way to remove jail blocks (adding is easier) and add/modify/delete parameters in jail blocks. Some standardized way to get the result from jail(8)'s parser would of course be a nice start. Any thoughts on that? erdgeist From owner-freebsd-jail@FreeBSD.ORG Sat Oct 19 16:22:06 2013 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id CC6D9ED3 for ; Sat, 19 Oct 2013 16:22:06 +0000 (UTC) (envelope-from jamie@gritton.org) Received: from m2.gritton.org (gritton.org [199.192.164.235]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id AD7D222B4 for ; Sat, 19 Oct 2013 16:22:06 +0000 (UTC) Received: from [192.168.0.34] (c-50-168-192-61.hsd1.ut.comcast.net [50.168.192.61]) (authenticated bits=0) by m2.gritton.org (8.14.7/8.14.7) with ESMTP id r9JG0w1p090011; Sat, 19 Oct 2013 10:00:58 -0600 (MDT) (envelope-from jamie@gritton.org) Message-ID: <5262ACBB.1040609@gritton.org> Date: Sat, 19 Oct 2013 10:00:59 -0600 From: James Gritton User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 MIME-Version: 1.0 To: Dirk Engling Subject: Re: Allowing meta-namespace in jail.conf References: <52619D1B.9040408@erdgeist.org> In-Reply-To: <52619D1B.9040408@erdgeist.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-jail@freebsd.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Oct 2013 16:22:06 -0000 On 10/18/2013 2:42 PM, Dirk Engling wrote: > Dear jail enthusiasts, > > in order to move forward with my jail management project ezjail, and > make it support the new jail.conf way of managing jail configs, I need a > way to add properties to jails that are currently not in the list of > allowed parameters. I was thinking of something like > > web-jail { > name = 'www.test.com'; > meta.ezjail.imagetype = 'zfs'; > meta.ezjail.zfsdataset = 'tank/ezjail/www.test.com-data'; > } > > Alternatively, I could keep a shadow tree of config options and generate > jail configs on the fly, but that would mean not using the power of the > new jail config format. This can also lead to conflicting settings (e.g. > from wildcard jails or global options) and unexpected parts of the > system to look for configs. > > Another issue is the complexity of the jail.conf format which makes it > hard to automatically manipulate entries. I've started working on a > parser/generator in shell, but wondered if there are any plans to add a > way to remove jail blocks (adding is easier) and add/modify/delete > parameters in jail blocks. Some standardized way to get the result from > jail(8)'s parser would of course be a nice start. > > Any thoughts on that? I'd been thinking of a similar thing, but at a different level. A "jail environment" where these arbitrary parameters are visible inside the kernel (and thus also via jls(8)). I was considering a single "env" parameter formatted like an environ(7) string, but I like your presentation as separate parameters (though I would probably call them "env.*" instead of "meta.*"). Regarding the jail.conf format, it would make sense to move its parsing into libjail. Then if we want we could add features like the extra manipulation you mention. - Jamie