From owner-freebsd-rc@FreeBSD.ORG Thu Oct 21 19:07:34 2010 Return-Path: Delivered-To: freebsd-rc@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D4D5D1065679; Thu, 21 Oct 2010 19:07:34 +0000 (UTC) (envelope-from dteske@vicor.com) Received: from postoffice.vicor.com (postoffice.vicor.com [69.26.56.53]) by mx1.freebsd.org (Postfix) with ESMTP id 3CCE78FC20; Thu, 21 Oct 2010 19:07:33 +0000 (UTC) Received: from [208.206.78.30] (port=41206 helo=dt.vicor.com) by postoffice.vicor.com with esmtpsa (SSLv3:RC4-MD5:128) (Exim 4.71) (envelope-from ) id 1P90U7-0002iz-EE; Thu, 21 Oct 2010 12:07:33 -0700 From: Devin Teske To: Julian Elischer In-Reply-To: <4CC05D3E.4060704@freebsd.org> References: <1286925182.32724.18.camel@localhost.localdomain> <1286996709.32724.60.camel@localhost.localdomain> <1287448781.5713.3.camel@localhost.localdomain> <1287510629.25599.2.camel@localhost.localdomain> <4CC05D3E.4060704@freebsd.org> Content-Type: text/plain Organization: Vicor, Inc Date: Thu, 21 Oct 2010 12:07:31 -0700 Message-Id: <1287688051.17360.32.camel@localhost.localdomain> Mime-Version: 1.0 X-Mailer: Evolution 2.0.2 (2.0.2-41.el4) Content-Transfer-Encoding: 7bit X-Scan-Signature: 039cb2e8e02b076007c9031e8d4837ec X-Scan-Host: postoffice.vicor.com Cc: freebsd-rc@freebsd.org Subject: Re: sysrc(8) -- a sysctl(8)-like utility for managing rc.conf(5) X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Oct 2010 19:07:34 -0000 On Thu, 2010-10-21 at 08:33 -0700, Julian Elischer wrote: > On 10/20/10 11:46 PM, Devin Teske wrote: > > - # c. Prefix RC_CONFS with ROOTDIR > > + # If both are supplied, `-j jail' supercedes `-R dir' > > # > I was thinking about this... -j X -R /jail/jailY is what you would > use if you were BUILDING a child jail within a jail.. > Since we now have hierarchical jails :-) > > you need not implement this.. I was just stating that I interpreted > what it would mean differently from you.. ^_^ I think we think alike. I thought long and hard about that one (actually saw some real merits to supporting either multiple `-j' arguments or combination `-j'/`-R', or multiple `-R', et cetera, etc. ad nauseum). ... but where would it end? I had to draw the line somewhere, and I figured, hey... if someone wants to build heirarchical jails, they can do this: jexec 8 sysrc -R /usr/jail/subjail1 ... or chroot /usr/jail/jail1 sysrc -R /usr/jail/subjail1 ... Where the parent jail is `/usr/jail/jail1' and the child jail is `/usr/jail/jail1/usr/jail/subjail1'. I think that seems reasonable. Even going one level deeper seems do-able (if not a bit masochistic): jexec 8 jexec 1 sysrc -R /usr/jail/subsubjail1 ... or chroot /usr/jail/jail1 chroot /usr/jail/subjail1 sysrc - R /usr/jail/subsubjail1 ... ============================== ... and it dawned on me a couple days ago ... `-R dir' is absolutely required for operating on _inactive_ jails. So this really becomes a powerful tool when you consider that nearly-all jail admins go through the following process at least once in their life: 1. Populate some directory with vanilla FreeBSD installation (either from `buildworld'/`installworld' process or via some other method such as jail_build(8) + binary distribution) 2. Configure services in rc.conf(5) file(s) within the jail prior to starting the jail. 3. Bring the jail up. I think it's notably handy to be able to have a makefile that can cleanly configure the rc.conf(5) file(s) for you within that jail prior to bringing it up. -- Cheers, Devin Teske -> CONTACT INFORMATION <- Business Solutions Consultant II FIS - fisglobal.com 510-735-5650 Mobile 510-621-2038 Office 510-621-2020 Office Fax 909-477-4578 Home/Fax devin.teske@fisglobal.com -> LEGAL DISCLAIMER <- This message contains confidential and proprietary information of the sender, and is intended only for the person(s) to whom it is addressed. Any use, distribution, copying or disclosure by any other person is strictly prohibited. If you have received this message in error, please notify the e-mail sender immediately, and delete the original message without making a copy. -> END TRANSMISSION <-