From: Peter Toth
To: Dirk Engling
Cc: jail@freebsd.org
Date: Wed, 28 Jan 2015 09:37:59 +1300
Subject: Re: preferred jail management tool
List-Id: "Discussion about FreeBSD jail(8)"

What I was missing the most was a simple out of the box experience with safe
defaults for the end user with the ability to change properties in an atomic
fashion.

Also, jail(8) or jail.conf is by no means a comprehensive tool for managing
all jail aspects. A lot of new technologies emerged/matured in FreeBSD in
recent years; we have resource containers (rctl), ZFS, VIMAGE/VNET, cpuset -
just to name a few. These are a blessing when it comes to managing/using
jails. These (awesome) technologies really set FreeBSD apart from other
Unix-like operating systems - yet no integration points existed for jails.

So to answer the question again, jail.conf or the standard rc.d/jail felt too
limiting with a lot of these features simply missing.

On Wed, Jan 28, 2015 at 9:11 AM, Dirk Engling wrote:

> On 27.01.15 21:01, Peter Toth wrote:
>
> > The most important part is jail(8) and properties can be passed to jail(8)
> > very easily.
> >
> > This is the very reason I stopped relying on any rc.d/jail or jail.conf for
> > iocage. It is much easier/simpler to add/modify features when dealing with
> > jail(8) directly.
>
> This means that you need to keep your config in yet another place. I
> think it's much nicer to point a user to a defined location where he
> would find everything that magically creates those jail containers at
> system startup.
>
> I think that rc.d/jail and its config should provide all the means
> necessary to describe the state of the system's jails after booting up.
> If it doesn't, the tool is useless. Could you please explain what
> features are missing in jail.conf for you to not use it? Maybe we can
> lay out a path to a better config abstraction.
>
> erdgeist