From owner-freebsd-jail@freebsd.org Wed Feb 15 10:30:30 2017 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 70ED5CDF667 for ; Wed, 15 Feb 2017 10:30:30 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: from mail-it0-x22d.google.com (mail-it0-x22d.google.com [IPv6:2607:f8b0:4001:c0b::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2D9971029 for ; Wed, 15 Feb 2017 10:30:30 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: by mail-it0-x22d.google.com with SMTP id 203so62205326ith.0 for ; Wed, 15 Feb 2017 02:30:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-transfer-encoding; bh=hEgS+MjT3PzWT+GM5duUhAvMK2MQ+v+75erez3yOcfk=; b=r2AhQ2Po+eueBeIq+5x9Ch9LcCvpk9bjgki2KeZjItz6vhl3VQSt67pQoUXoqob2XN 5E1P2LMFy1tY9wj2VBaQZp/P8HxbUhU305uLG5yP3SG6FaYwm+3ZVfwbwX0lnCFBZT42 U2lq9u8tiiVwU7UWijAbRWY5pZMkyyQ3/CwCswRC4T7QZ5Q2a6aUy1lxveM7lQ+hw9pf lph3Ux1BqF00C6W/piAE75rWvf27bKHMq6bjwsUGwR4pSXNrGRmq37iLnAauav2I81aM NJi8i+yrNJhoVoPHm0w1mQJ6huay05FHLyFbYw9ajs2AEtDcNjwlcSJIAOR8lLcrXViw SD6A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-transfer-encoding; bh=hEgS+MjT3PzWT+GM5duUhAvMK2MQ+v+75erez3yOcfk=; b=Ct6b/stXUz8ptnR5NoUOwuIhjlv9mc50U5iyrZZhnLda8UyneCwDCxhtADJJlmhBs9 JimmiTFs8fhNz+/39u0Fj5cOc9NNxN/HzgCtzc/Z2UtsZggqwHLebYPbRabjxGIx7Q9Z sIuXQe/dWQNG6NGFngjo+VaaCVHvG6t4ok+mBodltv9eJKOk1YDXY/q5/H68mB6gaQj0 N4X3MdNBiDEHLFl5vplZ2bfgM3mfp8Zwhn4u1C3GUWfKC0aErOZt+8nTcr13ovWqMLIC lafwQyKlp/VT1MAGN+Q+MCjNAkoKMyYaCGf1qqP0TopZzZEEo829EJ3nMIyp9MP02ysC 916w== X-Gm-Message-State: AMke39lu1e04ZjmhUjvpMnctkAPXyjdqYemCD3OG6QzkN6PbIv4o/JKRvCvBQSW6tHvL6Q== X-Received: by 10.36.252.65 with SMTP id b62mr7816664ith.38.1487154629468; Wed, 15 Feb 2017 02:30:29 -0800 (PST) Received: from [10.0.10.3] (cpe-24-165-207-226.neo.res.rr.com. [24.165.207.226]) by smtp.googlemail.com with ESMTPSA id a4sm1561491ioa.43.2017.02.15.02.30.28 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 15 Feb 2017 02:30:28 -0800 (PST) Message-ID: <58A42DC7.5040702@gmail.com> Date: Wed, 15 Feb 2017 05:30:31 -0500 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: Jeff Kletsky CC: freebsd-jail@freebsd.org Subject: Re: Using jail.conf array parameters in exec.* commands References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Feb 2017 10:30:30 -0000 Jeff Kletsky wrote: > TL;DR > > Is there a patch available to allow substitution of "array" parameters > into the strings used for exec.prestart, exec.poststop, and the like? > > > Longer: > > I'd like to be able to use array parameters in exec.* commands, > but trying to do so results in > > jail: test-two: exec.prestart: array cannot be substituted inline > > A quick check of the source didn't suggest it would work, but the > bash-isms ${host.interface[*]} and ${host.interface[@]} failed too. > > > The immediate application is in creating what will be the vnet.interface(s) > using netgraph on the appropriate host interfaces > > vnet.interface = ng0, ng1; > > Works well, once the interfaces are created, but I'd rather not have > to define that list twice in each jail. > > > If I could write something like: > > vnet.interface = ng0, ng1; > host.interface = re0, re0.100; > > and then iterate over them in the prestart and poststop scripts to: > > * Create ng0 connected to re0 > * Create ng1 connected to re0.100 > > it would be easier to maintain than having to write something like: > > vnet.interface = ng0, ng1; > parent.interfaces = "re0 re0.100"; > cloned.interfaces = "ng0 ng1"; > > > > I'm open to ideas here, including if I can somehow "write back" to > vnet.interface based on exec.prestart parsing the "custom" variables. > > > TIA, > > Jeff > An alternate method to coding the jail.conf vnet.interface parameter is to use the "ifconfig vnet" command to enable it and "ifconfig -vnet" command to disable it in your netgraph script that starts and stops the vnet jail. Doing so would eliminate your current desire for array processing in the jail.conf definition all together. I use the bridge/epair method my self because its so much easier to understand. If you don't mind sharing, I sure would like to see your netgraph script for vnet jail control once you get it working.