Date:      Mon, 4 Jul 2011 16:36:16 -0500
From:      Brandon Gooch <jamesbrandongooch@gmail.com>
To:        Jamie Gritton <jamie@freebsd.org>
Cc:        freebsd-jail@freebsd.org
Subject:   Re: New jail(8) with configuration files, not yet in head
Message-ID:  <CALBk6y%2BYWzOUzju-yN-bREX=4PY1pfhqX=QhW3K2qAExXkn8Mg@mail.gmail.com>
In-Reply-To: <4E114EA9.4000605@FreeBSD.org>
References:  <4E114EA9.4000605@FreeBSD.org>

On Mon, Jul 4, 2011 at 12:24 AM, Jamie Gritton <jamie@freebsd.org> wrote:
> I'm hoping to get the latest version of jail(8) in before the door slams
> shut on 9.0. If anyone wants to take a look at the new code and give it a
> spin, it may help to ease RE's mind about my tardiness. The included diff
> applies to the current usr.sbin/jail directory. In addition to the new
> program, it adds a jail.conf(5) man page that explains the config file
> format (hint: it's a typical C-style block config).
>
> For anyone that caught my EuroBSDCon presentation last year, it's pretty
> much what I presented there. Unfortunately it doesn't have the suggestions
> that were given then, which remain on the to-do list. What little time I've
> devoted to this project since then has gone into cleaning things up and
> fixing the error handling. Other bits will still go in later, but first I'd
> like to move this from "project" to "real" status.
>
> The new program does two things. First, it works the same way the current
> jail(8) does, to add jails from the command line - or change their
> parameters, or remove them. Then it adds the ability to do the same thing
> from a config file, including running the start-up commands that are
> currently done by the rc.d/jail script. Details of that are in the new
> jail(8) and jail.conf(5) man pages.
>
> Bugs: there shouldn't be any, of course :-). But please let me know if you
> see any!
>
> - Jamie
>

This is great! I have had a great experience testing this out, I'm
sure others will find this really satisfying, particularly those also
testing VIMAGE kernels, since the new jail config framework has vnet
capability built-in.

I did however notice a minor nit in the output when removing a jail.
Here's the scenario:

I set out with a new jail.conf(5) file:

exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;

ports {
    path = "/usr/jails/$name";
    ip4.addr = 10.1.1.1;
}

I run the jail creation command:

# jail -c ports
ports: created
/etc/rc: WARNING: $hostname is not set -- see rc.conf(5).
Creating and/or trimming log files.
ln: /dev/log: Operation not permitted
Starting syslogd.
ELF ldconfig path: /lib /usr/lib /usr/lib/compat
32-bit compatibility ldconfig path: /usr/lib32
Clearing /tmp (X related).
Updating motd:.
Starting sshd.
Starting cron.
Starting ftpd.

Mon Jul  4 21:21:30 UTC 2011

...and the jail is running:

# jls
   JID  IP Address      Hostname                      Path
     3  10.1.1.1                                      /usr/jails/ports

Now, when I go to remove the jail:

# jail -r ports
Stopping cron.
Waiting for PIDS: 29824.
Terminated
.
jail: ports: (null): failed

I don't think it's anything to worry about, as the jail does indeed
get removed. I wonder though if this might be an indicator of some
underlying problem I haven't run into yet with my simplistic testing.

All-in-all, I'm loving it -- thanks Jamie!

-Brandon


